LEADING  1  ^NOVATION  HOW  TO  GET  YOUR  CREATIVE  JUICES  FLOWING  Page34 


BUSINESS  TECHNOLOGY  LEADERSHIP 


CONSUMER  APPS 

Managingthem  insidethe  enterprise 

Page  63 

THE  MID-MARKET 

Coping  with  H I PAA  compliance 

Page  74 

EMERGING  TECHNOLOGY 

The  videos  are  streaming! 
Make  sure  your  network  is  prepared. 

Page  27 


SUPPLY  CHAIN 

At  Your  Service 


Howthird-party  providers 
can  bring  new  efficiencies 
and  savings  to  integration 


BY  THOMAS  WAILGUM  Page48 


On  his  way  to  work, 
Brian  started  to  think 
about  how  changing 
applications  could 
dramatically  speed 
up  product  design. 


Right  after  that,  a 
server  overheated 
and  he  spent  the  day 
shopping  for  fans. 


Set  IT  free 


HP  BladeSystem  Enclosure  with  BL460c  and  BL480c  server  blades 


Dual  Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate  operating  system  software  for  full 
benefit;  check  with  software  provider  to  determine  suitability;  not  all  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology.  Intel's  numbering  is  not  a  measurement  of  higher  performance. 
1 .  Based  on  internal  HP  testing  of  similarly  configured  rack  and  blade  servers  running  identical  tests. 


' 


Xeon 

inside r 

Dual-core. 
Do  more. 


Introducing  the  HP  BladeSystem  c-Class,  powered  by  the  Dual-Core  Intel®  Xeon®  Processor.  Give  your  IT 
department  the  freedom  to  spend  less  time  on  day-to-day  operations  so  they  can  focus  more  time  on 
pursuing  innovations  for  the  company.  The  new  HP  BladeSystem  comes  equipped  with  features  like  Thermal 
Logic  Technology,  which  manages  powerand  cooling  without  sacrificing  performance,  so  your  company  can 
deliver  power  savings  of  up  to  40  percent  or  more  versus  rack-mount  servers1.  And  money  saved  is  money  that 
can  be  reinvested  into  more  innovations  for  your  company.  Just  imagine  the  possibilities  when  you  set  IT  free. 


Call  1-877-726-8112 
Visit  hp.com/go/setlTfree6  or  contact  your  local  reseller  to 
learn  more  about  how  the  BladeSystem  can  help  your  business. 


Mr 


■r 


-  -•  y> 

* 


■>  ■% .... 

>  i 


■  .  wpffi 


Intel,  the  Intel  Logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein  is  subject  to  change 
without  notice.  ©  2006  Hewlett-Packard  Development  Company,  L.P. 


Leaders  Wanted/CIO  Challenge  Series 


Challenge  #2: 

Turn  a  thousand  versions  of  your  numbers  into  one. 


Solution: 

Hyperion — your  management  system  for  the  global  enterprise. 

It’s  hard  to  see  the  insight  in  the  numbers  when  they  come  from  a  thousand 
different  spreadsheets  and  dozens  of  business  intelligence  tools.  That’s  why 
the  world’s  leading  CIOs  and  CFOs  turn  to  Hyperion.  With  Hyperion® System™9, 
you  can  dramatically  simplify  the  management  of  master  data  and  insure 
data  quality  across  all  enterprise  systems — analytical  and  financial 
applications,  transactional  systems,  data  warehouses,  and  more.  So  you  can 
deliver  numbers  that  inspire  confidence.  And  insights  that  inspire  action. 


FREE  ARTICLE  FROM  HARVARD  BUSINESS  REVIEW 
How  do  other  IT  leaders  deliver  financial  clarity  and 
business  intelligence?  Discover  new  insights  and  best 
practices  from  the  Harvard  Business  Review  and  Hyperion. 
Go  to  www.hyperion.com/go/numbers 


#  Hyperion" 

The  future  in  sight 


©  2006  Hyperion  Solutions  Corporation.  All  rights  reserved.  "Hyperion,”  the  Hyperion  logo,  and  Hyperion's  product  names  are  trademarks  of  Hyperion.  References  to  other  companies  and  their  products 
use  trademarks  owned  by  the  respective  companies  and  are  for  reference  purpose  only. 


Port’ 


jn 

fist 

•YJ 

1  ^yvBgar 

L//i 

8 


Agere  Systems  Director  of  IT 
Infrastructure  Chris  Morris:  “We  did 
every  bit  of  integration  ourselves,  and 
every  supplier’s  connection  had  to  be 
different.”  And  that  was  not  fun. 


48  Integration  Liberation 

COVER  STORY  |  SUPPLY  CHAIN  MANAGEMENT  The  era  of  do  it- 

yourself  supply  chain  integration— its  costs,  its  risks  and  its  drain  on  your 
IT  resources— is  coming  to  an  end.  Help  has  arrived.  By  Thomas  Wailgum 


34  How  to  Get  Inspired 
innovation  Leading  innovation 
requires  creativity.  That  means  you 
have  to  think  like  an  artist. 

By  Mike  Hugos 

38  Digital  Subversives 
security  Are  employees  compro¬ 
mising  security  by  bringing  consumer 
tech  into  the  enterprise?  Perhaps,  but  if 
you  use  too  heavy  a  hand  to  stop  them, 
you’ll  be  fighting  a  losing  battle. 

By  Michael  Schrage 

42  Lessons  for  the 
Mentor 

leadership  How  one  CIO  got  the 
extra  resources  she  needed  while  learn¬ 
ing  how  to  help  young  IT  professionals 
shine.  By  Barbara  Kunkel 


63  Consumer  Appeal 


emerging  technology  Your  end  users  are  downloading  Skype 
and  sharing  links  to  company  webpages  on  Del.icio.us.  But  don’t  panic. 
Although  emerging  consumer  applications  can  pose  security  risks,  here 
are  five  that  offer  business  benefits  if  you  manage  them  well. 

By  Susannah  Patton 

74  The  Complying  Game 

mid-market  |  compliance  CIOs  are  still  struggling  to  comply  with 
HIPAA’s  10-year-old  medical  privacy  regulations.  And  the  smaller  the 
healthcare  organization,  the  harder  the  task.  By  Susannah  Patton 

86  How  to  Succeed  in  Business 

interview  In  the  past  six  years,  Kevin  Turner  has  occupied  three  of  the 
most  senior  offices  in  the  corporate  C-suite:  CIO,  CEO  and  COO.  He  talks 
about  what’s  different  and  what’s  the  same,  and  shares  the  secrets  of  his 
success.  By  Abbie  Lundberg 


j 


COVER  PHOTO-ILLUSTRATION  BY  STEPHEN  WEBSTER 


www.cio.com  |  OCTOBER  15,  2006  3 


contents 


In  Every  Issue 


8  From  the  Editor 


[THE  CIO  ROLE] 


Your  users  are  increasingly  deter¬ 
mining  what  IT  they’ll  use  and  how 
they’ll  use  it.  Does  that  scare  you?  It 
shouldn’t.  By  David  Rosenbaum 


Not  Just  Communications— 
Advanced  Communications 


10  From  the  CEO 

In  a  world  where  every  question  is 
multiple  choice,  business— and  the 
CIO’s  role— must  change. 

By  Michael  Friedenberg 

14  Inbox 

Readers  weigh  in  on  the  science  of 
change  and  assessing  IT  value. 

17  Trendlines 

►  Assault  and  batteries 

►  IT  that  plays  together,  stays  together 

►  Microsoft  Zune:  A  not-so-sweet  tune 

►  Online  customers  say,  Treat  me  right 

►  New  stadium,  new  tech,  same  Cards 

►  Where  outsourcing  is  academic 

►  Calif,  to  mandate  Wi-Fi  warnings? 

►  Customers:  your  best  innovators 

►  Mobile  mayhem 

27  Essential  Technology 

Streaming  video  clips  are  invading 
your  network.  Get  a  grip  now  or  deal 
with  the  pain  later. 

By  Laurianne  McLaughlin 

90  Index 

92  Endlines 

I.T.  MVPs  By  Scott  Kirsner 


Ask  any  guru  the  key  ingredient  to  becoming  a 
great  leader  and  he’ll  likely  say  “communications.” 

The  articles  in  our  Advanced  Communications 
series  will  help  you  turn  yourself  into  a  great 
communicator.  Topics  range  from  howto  write  a 
memorable  memo  to  howto  read  facial  expres¬ 
sions.  There’s  a  baker's  dozen  in  the  col  lection 
now,  and  more  to  come. 

))  www.cio.com/special  reports/communications.html 


[ETHICS] 

WHEN  IS  IT  OK  TO  LIE? 

A  new  word  has  slunk  into  our  vocabulary: 
pretexting.  It  means  misrepresenting  your¬ 
self.  OK,  it  means  lying.  Hewlett-Packard 
CEO  Patricia  Dunn 
lost  her  job  because 
the  investigators  she 
engaged  to  identify  a 
boardroom  leaker  at 
HP  lied.  Butwasn’tshe 
entitled  to  find  out?  And  was  she  responsible 
for  the  methods  her  investigators  used?  And 
is  lying  itself  a  crime?  CSO  columnist  Sarah 
D.  Scalet  wonders  what’s  black,  what’s 
white,  and  where  are  the  gray  areas  in  her 
Alarmed  security  column.  Check  it  out. 

www2.cio.com/research/security/edit/ 

a09282006.html 


Sarah  D.  Scalet 


[LISTS] 


25  TERRIFYING 
IT.  DISASTERS 

With  Halloween  on  the 
horizon,  we  scoured  the 
crypt  where  IT  projects 
go  to  die  and  found  25 
of  the  most  horrifying  IT 
disasters  you’ll  ever  see. 
www.cio.com 

.  • . 


»  Special  Reports:  Weigh  In  on  SOA  governance  models 
»  Beneath  the  Buzz:  On  common  business  processes 
»  Fully  Mobile:  On  the  failure  of  Mobile  ESPN 
»  Movers  and  Shakers:  Who’s  in,  who’s  out 


4  OCTOBER  15,  2006  |  www.cio.com 


THE  NEW  STORAGEWORKS  ALL-IN-ONE  STORAGE  SYSTEM. 
NO  STORAGE  EXPERT  REQUIRED. 

With  the  HP  StorageWorks  All-in-One  Storage  System,  setting  up  and 
moving  your  data  takes  less  than  10  clicks— no  storage  expertise  required. 
An  intuitive  interface  eliminates  storage  complexity  by  making  managing 
data  equally  simple,  while  an  HP  support  team  is  only  a  phone  call  away. 
Integrated  file  serving,  application  data  storage  and  data  protection  make 
for  a  true  all-in-one  system.  So  now  just  about  anyone  can  install  and 
manage  network  storage.  And  with  a  price  starting  at  $4999,  just  about 
anyone  can  afford  it. 


HP  STORAGEWORKS  400  ALL-IN-ONE 
STORAGE  SYSTEM 

$4999  Smart 

•  Dual-Core  Intel®  Pentium®  D  Processor  930 
(3.0GHz/800) 

■  1 7B  storage  (4x250  GB  SATA,  hot  plug) 

■  (2)  PCI-X  64-bit  133  MHz  expansions  slot 

■  Microsoft®  Windows  Storage  Server™  2003  R2  and 
iSCSI  Software  Target 

•  Hardware  RAID  controller 


To  learn  more  about  how  HP  has  revolutionized  network  storage, 

mrg  -vm  * 

Click  hp.com/go/allinonestorage2 

1 

Call  1-800-888-0137 

t'fiM 

Or  find  a  reseller  at  hp.com/go/ reseller 

■■■■•■  V:.  .. 

Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient’s  address.  ©2006  Hewlett- 
Packard  Development  Company,  L.P.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  logo,  Intel  Inside,  Intel  Inside  logo  and  Intel 
Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 


j-**  W:. 

H  512 

'’--■V:'  *  A* 

MK 

f 


*■  "r-.  - 


'  2>  '* 


■  -- 


■  ■-  •■ 


m 


■s  ' 


one 


£ 


. 


... 


A  people-ready 
business  bets 
on  its  most 


©  2006  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and 
products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Is  your  business  a  people  T_ ready  business? 


i 


Your  people.  They  can  solve  problems  before  they  happen.  Invent 
new  ways  to  do  business.  And  build  strong  relationships  with 
your  customers  and  partners.  They  know  your  business  inside 
and  out — what's  working  and  what's  not.  They're  the  robust, 
scalable,  cutting-edge  business  solution  you've  had  all  along. 


Your  people  are  your 
greatest  advantage,  but  only 
if  you  help  make  them  ready. 
How?  By  giving  them  the  tools 
and  technology  they  need  to 
get  the  job  done.  And  software 
is  at  the  heart  of  all  of  this. 


Step  one  is  cultural. 

The  key  to  building  a  people- 
ready  business  starts  with 
investing  in,  relying  on,  and 
caring  about  your  people's 
impact  on  your  business.  Are 
they  empowered  to  make 
front-line  decisions?  Do  they 
have  the  ability  to  share  and 
collaborate  across  the  organization?  Do  they 
have  the  resources  they  need  to  turn  plans 
into  actions? 


Does  it  work? 

Ask  Tommy  Hilfiger.  "We  focus 
our  efforts  on  empowering 
our  people — getting  them 
the  resources  they  need  to 
succeed,  to  get  the  job  done.' 
In  a  company  that  depends  on  quickly  bringing 
a  steady  stream  of  new  ideas  to  market,  it's  a 
focus  that  pays  off. 


Without  people, 
where  would  innovation 
come  from? 


drives  all  that  technology — 
the  kind  of  software  you  use. 
With  the  right  software,  your 
people  are  ready.  Software 
that  connects,  informs,  and 
empowers  them.  Software 
that's  easy  to  learn,  easy  to 
use,  easy  to  integrate,  easy  to 
deploy.  Software  developed  for 
people.  Microsoft®  software. 


Step  two  is  to  make  them  ready. 

Once  you've  bet  on  the  culture  to  deliver,  they 
need  tools  powerful  enough  to  make  it  happen. 
Computers  and  phones  and  swivel  chairs, 
sure.  But  more  important  is  the  engine  that 


That's  a  people-ready  business:  people,  sup¬ 
ported  by  culture,  succeeding  on  the  shoulders 
of  software.  And  when  you  do  that  for  your 
people,  there's  no  stopping  them.  Learn  more 

at  microsoft.com/peopleready 


Microsoft 


FROM  THE  EDITOR 


Your  users  are  increasingly 
determining  what  IT  they’ll  use 
and  how  they’ll  use  it.  Does 
that  scare  you?  It  shouldn’t. 


A  few  months  ago,  I  was  getting  a  brutal  headache  reading  the  hundreds  of  CIO 
100  applications  stored  in  our  database.  We  connect  to  them  through  our  IE  browser, 
and  I  couldn’t  make  the  teeny-tiny  type  any  bigger.  So,  as  is  my  habit,  I  complained  to 
anyone  who  would  listen.  And  then  a  writer  said,  “I  can  fix  that,”  and  it  was  for  him 
but  the  work  of  a  moment  to  download  Mozilla’s  Firefox  browser.  Voila!  I  could  make 
the  type  as  large  as  I  wanted. 

So  I  took  a  stroll  around  the  office,  glancing  at  people’s  screens,  and  I  saw  some 
remarkable  stuff.  Odd  looking  desktops  with  odd  looking  icons.  Trillian  IM  conver¬ 
sations.  Gmail  and  Google  desktop 
search  and  Weatherfox.  FileZilla. 

Spybot  Search  &  Destroy.  Not  to 
mention  iTunes  everywhere.  It’s  an 
IT  potpourri  out  there,  and  it  has 
nothing  to  do  with  our  IT  depart¬ 
ment.  Employees  downloaded 
these  apps  from  the  Web  because 
a)  they’re  available,  b)  they’re 
(mostly)  free,  c)  they’re  cool,  and  d) 
most  important,  they  help  them  do  their  jobs  better,  enabling  them  to  do  things  that 
our  own  enterprise-supplied  apps  don’t  let  them  do,  or  don’t  let  them  do  as  well. 

This  is  a  big  deal,  and  this  sea  change  is  the  subject  of  Susannah  Patton’s  story 
“Consumer  Appeal,”  on  Page  63,  and  Michael  Schrage’s  column,  “Digital  Subver¬ 
sives,”  on  Page  38. 

Once  upon  a  time,  the  IT  you  got  at  work  was  better  than  anything  you  could  get 
yourself.  No  more.  In  fact,  these  days  the  IT  you  get  in  the  office  frequently  looks  old- 
fashioned  by  comparison.  Half  of  the  respondents  to  a  Gartner  survey  reported  that 
60  percent  of  their  IT  users  are  employing  consumer-grade  software  in  the  office 
whether  or  not  their  IT  department  approves.  And  some  enterprises  are  responding 
in  a  predictable  manner,  banning  unauthorized  software  and  electronics  from  the 
office. 

Bad  idea.  You  might  as  well  stand  by  the  shore  and  tell  the  tide  to  cease  rising. 

Not  that  this  trend  doesn’t  generate  problems  for  CIOs.  These  applications  can  eat 
up  server  space;  they  can  be  destabilizing,  and  those  that  connect  to  enterprise  sys¬ 
tems— such  as  desktop  search— can  blow  big  holes  in  a  company’s  network  security. 

But,  as  Patton  and  Schrage  point  out,  nobody’s  going  to  stop  people  from  using 
IT  that  makes  their  lives  easier  and  allows  them  to  be  more  productive.  Without 
that  Firefox  browser,  for  example,  I  could  not  have  done  as  good  a  job  vetting  those 
applications. 

The  challenge  for  CIOs  will  be  to  learn  how  to  manage  IT  in  this  new  environment, 
making  it  safe  and  leveraging  it  for  business  advantage.  Ways  to  do  this  are  already 
percolating.  Check  out  Patton’s  and  Schrage’s  articles  to  find  out  what  some  of  these 
strategies  are. 

And  don’t  be  scared.  The  IT  future  belongs  to  the  users,  which  is  how  it  should  be. 

- - 

David  Rosenbaum,  Managing  Editor 
drosenbaum@cio.com 


Once  upon  a  time, 
the  IT  you  got  at  work 
was  better  than  any¬ 
thing  you  could  get 
yourself.  No  more. 


8  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


3PAR  THIN 
PROVISIONING 

Good  for  your 

business... 

good  for  the  planet 


LESS  DISK  DRIVES 


LESS  ENERGY 


LESS  GREENHOUSE 
GASES 


Think  Thin.  Think  Green.  Think  3PAR. 


"By  consolidating  on  3PAR,  we've 
doubled  our  capacity  utilization. " 

Ron  Rose,  CIO  of  Priceline.com 


3PAR's  simple,  efficient  and  massively  scalable 
storage  arrays  with  Thin  Provisioning  are 
revolutionizing  the  mission-critical  data  center. 
3PAR  customers  can  buy  half  the  storage 
capacity  required  with  traditional  storage 
arrays.  Deploying  3PAR  Utility  Storage  means 
lower  capital  costs  and  reduced  consumption 
of  electricity  and  data  center  floor  space. 

To  learn  more  about  3PAR  Thin  Provisioning  request  a  free 
white  paper  from:  www.3par.com/green  or  contact  us: 
salesinfo@3pardata.com  or  1-888-3PAR-226  extension  2. 


3  PAR 

Serving  Information 


BUSINESS  TECHNOLOGY  LEADERSHIP 


FROM  THE  CEO 


Power  Shift 

In  a  world  where  every  question  is  multiple  choice, 
business— and  the  CIO's  role— must  change 


Is  your  business  prepared  for  the  unlimited 
potential  (or  extreme  threat)  of  high-speed  band¬ 
width  as  it  achieves  massive  adoption,  leading  to  a 
market  characterized  by  a  plethora  of  choices?  Signs 
of  the  bandwidth  upheaval  are  already  appearing. 
Just  look  at  the  music  and  media  industries  and  I 
think  you’ll  start  to  get  an  idea  of  what  will  happen  in 
all  markets  as  power  shifts  from  the  producer  to  the 
consumer.  If  you  haven’t  given  this  much  thought,  I 
highly  recommend  Chris  Anderson’s  latest  book,  The 
Long  Tail,  which  explains  why  the  “future  of  business  is  selling  less  of  more.”  He  cites 
eBay,  iTunes,  Google  and  Lego  as  examples  of  companies  that  are  successfully  selling 
in  a  market  of  multitudes. 

As  Anderson  explains,  the  world  is  quickly  moving  from  mass  to  niche,  scarcity  to 
abundance,  and  transactions  to  interactions.  Your  customers  now  have  more  choices 
before  them  than  ever  before,  and  the  standard  ways  of  interacting  with  them  have 
been  turned  upside  down.  With  the  Web  causing  the  traditional  physical  barriers  of 
entry  to  disappear  (both  in  respect  to  inventory  and  geography),  we  are  now  facing 
the  opportunity  of  a  lifetime— if  we  can  seize  it. 

The  historic  80/20  rule  no  longer  applies.  You  no  longer  have  to  have  80  percent 
of  your  revenue  coming  from  20  percent  of  your  customers.  In  today’s  world,  you  can 
drive  revenue  and  profit  by  aggregating  niches  that  were  previously  impossible  to  see 
let  alone  serve.  As  Anderson  writes,  the  “invisible  market  has  turned  visible.” 

If  you  want  to  learn  more  about  how  almost  unlimited  bandwidth  is  transforming 
the  business  world,  and  about  other  trends  that  will  affect  the  future  role  of  the  CIO, 
join  us  at  CI0|07,  Nov.  5  through  7  at  the  Wild  Horse  Pass  Resort  in  Phoenix  ( www.cio 
.  com/conferences).  Chris  Anderson  and  other  industry  luminaries  will  be  sharing  their 
views  on  what  the  future  holds  for  us  in  a  world  boiling  with  change.  I  look  forward 
to  seeing  you  there. 


Michael  Friedenberg,  President  and  CEO 

mfriedenberg(g>cio.com 


president  and  ceo  Michael  Friedenberg 
publisher  Gary  J.  Beach 

CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 
GENERAL  MANAGER  Mark  Hall 
program  director  Shaw  Lively 
vp.  development  Dexter  Siglin 

MANAGING  DIR.,  CONTENT  DEVELOPMENT  Richard  PaStore 

dir.,  external  relations  Karen  Fogerty 
director  of  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 

MGR.  OF  OPERATIONS  AND  PROJECT  MGMT.  Jean  Costello 

director  of  development  Steve  Rovniak 

PROGRAM  SERVICES  MANAGERS 

Michael  Fahlsing,  Ellen  Friedman,  Bill  Golden. 
Carrie  Mathews.  Bill  Roche 

DEVELOPMENT  MANAGERS 

Patrick  Clarke,  Lauren  DeLong,  Steve  Dodman, 
Robert  Graham,  John  Harrison 

development  associate  Kristen  Bradshaw 

EXECUTIVE  PROGRAMS 

vp,  executive  programs  Ellen  Daly 
dir.,  business  development  John  Vulopas 
director,  event  marketing  Mary  Conroy 
senior  conference  producer  Judith  Kittredge 
event  planner  Sarah  Reagan 
event  coordinator  Bethany  Whiffin 
client  relations  associate  Lisa  Byron 
client  services  specialist  Cress  O'Brien 

INFORMATION  SYSTEMS 

idg  dir.  of  information  services  Nancy  Newkirk 
i.t.  manager  Sean  McCracken 
senior  user  support  specialists  Christopher  A.  Kay. 
Thomas  Lupien 

user  services  specialist  Gloria  Lam 
senior  web  developer  David  Cohen 
web  developer  Sanghee  Seo 

PRODUCTION 
vp.  manufacturing  Chris  Cuoco 
production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

sr.  director,  marketing  comm.  Sue  Yanovitch 
sr.  marketing  comm,  specialist  Susan  Murray 
marketing  comm,  specialist  Lynn  Holmlund 

RESEARCH 

research  manager  Carolyn  Johnson 

ADMINISTRATION 

coo  Matt  Smith 

dir.,  finance  Margarita  Chiango 

FINANCIAL  ANALYST.  ONLINE  AND  INTEGRATED  PRODUCTS 

Chris  Bernardi 

executive  assistant  to  the  president  Diane  Martin 

ACCOUNTING  SPECIALIST  Joyce  GilliS 

facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp,  human  resources  Patricia  Chisholm 
sr.  hr  representative  Beth  S.  Ramistella 

Y 

CXO\MEDlA  INC. 


INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 

*BPA 


10  OCTOBER  15,  2006 


www.cio.com 


PHOTO  BY  CHRISTOPHER  HARTING 


©CXO  Media  Inc. 


I  am  the  router  of  potential. 

I  am  a  green  light  for  progress 
I  am  the  facilitator  of  success. 


This  is  my  world. 

My  world  runs  on 
Dynamic  Networking 


The  World  According  To  Paulina 

Dynamic  Networking  from  AT&T  enables  Paulina  to  run  multiple  applications 
simultaneously  and  securely  over  a  global  IP  VPN.  Predicting  traffic  on 
the  fly  to  maximize  efficiency  across  the  enterprise.  Creating  real-time 
responsiveness,  greater  performance  and  a  green  light  to  go  full  speed 
ahead.  Learn  how  Dynamic  Networking  can  enable  your  business. 


The  new 


att.com/networking 


c  2006  AT&T  Knowledge  Ventures:  All  rights  reserved. 


BUSINESS  TECHNOLOGY  LEADERSHIP 


president  and  ceo  Michael  Friedenberg 
publisher  Gary  J.  Beach 

EDITORIAL 

editor  in  chief  Abbie  Lundberg 
managing  editor  David  Rosenbaum 

EXECUTIVE  EDITORS 

Christopher  Koch,  Elana  Varon 

WASHINGTON  BUREAU  CHIEF 

Allan  Holmes 

TECHNOLOGY  EDITOR 

Laurianne  McLaughlin 

SENIOR  EDITORS 

Stephanie  Gelston,  Stephanie  Overby 

SENIOR  WRITERS 

Thomas  Wailgum,  Ben  Worthen 

CONTRIBUTORS 

Mike  Hugos.  Jeremy  Kirk.  Scott  Kirsner. 
Barbara  Kunkel,  Stephen  Lawson.  Susannah  Patton. 
Michael  Schrage.  Martyn  Williams 

editorial  administrator 

Jill  Paquette 

DESIGN 

EXECUTIVE  DIRECTOR,  ART  AND  DESIGN 

Mary  Lester 

art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Matthew  Goebel,  Chandra  Tallman 

COPY  TEAM 

ASSISTANT  MANAGING  EDITOR 

Emily  S.  Henderson 

SENIOR  COPY  EDITORS 

Diann  Daniel,  Cathy  Mallen 

COPY  EDITOR 

Susan  Bryant-Still 

EDITORIAL  ASSISTANTS 

Margaret  Locher.  Christopher  Lynch, 
Katherine  Walsh 

ONLINE  EDITORIAL 

ONLINE  EDITORIAL  DIRECTOR 

Christopher  Lindquist 

SENIOR  ONLINE  EDITORS 

Sandy  Kendall,  Paul  L.  Kerstein,  Meridith  Levinson 

ONLINE  NEWS  WRITER  Al  SaCCO 
online  copy  editor  David  Gradijan 

RESEARCH 

RESEARCH  MANAGER 

Carolyn  Johnson 

& 

CXO  MEDIA  INC. 


INTERNATIONAL  DATA  GROUP 
board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 


«?yBPA 

©CXO  Media  Inc. 


WHAT  WE  COVER,  WHOM  TO  CONTACT 

CIO  CAREER 

ENTERPRISE 

•Skills 

INFRASTRUCTURE 

■  Job  Specs 

■  Enterprise  Architecture,  SOA 

■  Career  Path 

■  Middleware 

■  Professional  Development 

■  Enterprise  Resource  Management  (ERP) 

■  Personal  Development 

•  Supply  Chain  Management  (SCM) 

Stephanie  Gelston,  sgelston@cio.com 

■  B2B  Electronic  Commerce 

Meridith  Levinson,  mlevinson@cio.com 

Christopher  Koch,  ckoch@cio.com 

Thomas  Wailgum.  twailgum@cio.com 

LEADERSHIP  &  MANAGEMENT 

Ben  Worthen,  bworthen@cio.com 

■  Governance  &  Alignment 

■  Budget  Management  &  IT  Value 

CUSTOMERS 

■  Business  Process  Redesign 

■  Customer  Resource  Management  (CRM) 

■  Management  Methodologies 

■  B2C  E-Commerce 

■  Project  Management 

•  Business  Intelligence 

Christopher  Koch,  ckoch@cio.com 

■  Privacy 

Elana  Varon.  evaron@cio.com 

Allan  Holmes,  aholmes@cio.com 

SOURCING  &  STAFFING 

TECHNOLOGY 

■  Staffing 

■  Emerging  Technology 

■  Vendor  Management 

■  Networking  &  Communications 

Stephanie  Gelston,  sgelston@cio.com 

■  Data  Center 

Stephanie  Overby,  soverby@cio.com 

■  Storage 

■  Hardware 

RISK  MANAGEMENT 

•  Wireless/Mobility 

•  Security 

■  Knowledge  Management 

■  Business  Continuity 

Christopher  Lindquist,  ciindquist@cio.com 

■  Compliance 

Laurianne  McLaughlin,  lmclaughlin@cio.com 

Allan  Holmes,  aholmes@cio.com 

Thomas  Wailgum,  twailgum@cio.com 

Ben  Worthen,  bworthen@cio.com 

GOVERNMENT 

Allan  Holmes,  aholmes@cio.com 

COLUMN  &  DEPARTMENT  CONTACTS 

Applied  Insight 

Martha  Heller 

Christopher  Koch,  ckoch@cio.com 

Stephanie  Gelston,  sgelston@cio.com 

Book  Reviews 

Michael  Schrage 

Laurianne  McLaughlin,  lmclaughiin@cio.com 

Abbie  Lundberg,  lundberg@cio.com 

By  the  Numbers 

On  the  Move 

Laurianne  McLaughlin,  lmclaughlin@cio.com 

Meridith  Levinson,  mlevinson@cio.com 

Endlines 

Peer  to  Peer 

David  Rosenbaum,  drosenbaum@cio.com 

Elana  Varon,  evaron@cio.com 

Essential  Technology 

Susan  Cramm 

Laurianne  McLaughlin,  imclaughlin@cio.com 

Stephanie  Gelston,  sgelston@cio.com 

Forum 

Total  Leadership 

David  Rosenbaum,  drosenbaum@cio.com 

Elana  Varon,  evaron@cio.com 

InBox 

Trendlines 

Cathy  Mallen,  cmallen@cio.com 

Laurianne  McLaughlin,  lmciaughlin@cio.com 

Keynote 

Elana  Varon,  evaron@cio.com 

e-mail  letters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.0.  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com 

subscriber  services  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com 

reprint  services  Jennifer  Eclipse  •  PARS  International 

•  212  221-9595  ext.  237  •  E-mail  jeclipse@parsintl.com 

rights  and  permission  Yadira  Pizarro  •  212  221-9595  ext.  231  •  E-mail  yadira@parsintl.com 

12  OCTOBER  15,  2006  |  www.cio.com 


How  Fast  Did  You  Say 
You  Needed  to  Hire? 

When  it  comes  to  finding  experienced  IT  pros 
to  meet  your  hiring  needs,  no  one  moves 
faster  than  Robert  Half  Technology. 


800.793.5533  •  rht.com 


WE  GET  IT.  WE  SPEAK  IT.  WE  KNOW  IT. 


RH 


Robert  Half 

Technology _ 


Information  Technology  Professionals 


©Robert  Half  Technology.  An  Equal  Opportunity  Employer.  0706-4005 


l 


READER  FEEDBACK 

InBox 


ContrarianRewards 


OTID^hefe'stheRO^ 


TheClooa— ; 
Iniorination  Security 

wbQ*iasthem- 

continues  to  lag 

«Sccurrty.n<h=m.a-n«'k*' 

security  executives 


1NOlO=* IE»0€»sh.p 


Managing  Change 

Interesting  article  [“The  New  Science 
of  Change,”  Sept.  15]  showing  the  mechan¬ 
ics  behind  the  processes. 

There  is  an  opposite  group,  of  which  I 
am  a  chief  member,  where  change  is  the 
constant  and  the  motivation.  Repetition  or 
being  comfortable  are  ideas  that  drive  fear 
into  our  souls.  The  idea  of  taking  the  world 
and  turning  it  on  end  to  watch  the  results 
is  thrilling.  Therefore,  we  must  have  a  fine- 
tuned  frontal  cortex  as  we  prefer  to  avoid 
the  comfortable.  We  dissect  things,  not 
because  they  are  broken,  but  because  we 
like  to  “make  it  different.” 

This  is  a  management  challenge,  as  a 
propensity  for  change  will  scare  cowork¬ 
ers  and  can  lead  to  disarray  if  done  in  a 
whimsical  manner. 

Interestingly,  many  who  reside  in  this 
realm  possess  the  “knight  in  shining 
armor”  mentality.  We  thrive  on  saving 
the  day  and  swinging  for  the  fence.  If  we 
dream,  we  dream  big.  So  we  have  come  to 
find  that  pairing  one  such  change-oriented 
person  with  someone  very  reserved  and 
detail-oriented  will  create  a  great  sym¬ 
biosis— one  constantly  looking  to  improve 


through  change  and  the  other  through 
standards  and  maintenance.  As  the  saying 
goes,  “the  one  constant  is  change.” 

DONNY  PARROTT 

Systems  Administrator  and  Analyst 
RM  Technologies 

Reading  this  article  explains  a  lot  of 
things  I’ve  seen  during  system  implemen¬ 
tations,  and  I’ll  be  a  lot  wiser  next  time. 
Sadly,  I  doubt  the  outcome  will  be  much 
different,  because  change  management  is 
rarely  considered,  much  less  funded,  and 
training  is  bare  bones  in  all  but  the  largest 
companies. 

LINDA  MULLER 

Senior  Systems  Analyst 

Value  Aforethought 

R.  Ryan  Nelson’s  article  [“Tracks  in  the 
Snow,”  Sept.  1]  is  spot-on  when  it  comes 
to  the  need  to  assess  and  analyze  the  real 
value  and  success  of  IT  projects— or  any 
projects  for  that  matter— after  delivery. 

I  think  we  miss  the  bigger  point,  how¬ 
ever,  when  we  fail  to  design  and  plan  proj¬ 
ects  with  the  end  user  in  mind  and  involved 
from  the  start.  The  best  applications  and 
initiatives  are  no  more  than  high-ticket 
wastes  if  the  end  user  isn’t  really  engaged 
from  the  very  first  thought. 

One  of  the  ongoing  shortcomings  of 
most  IT  and  technology  projects  is  a  lack  of 
proper  planning  and  scoping  to  determine 
not  just  the  functional  specifications  and 
technical  business  requirements  but  the 
actual  requirements  as  well.  Sometimes 
we  get  so  wrapped  up  in  what  technology 
can  do  that  we  fail  to  ask  if  it’s  something 
that  needs  to  be  done  by  the  business.  Just 
because  we  can  use  VoIP  phones  and  desk¬ 
top  videoconferencing  doesn’t  mean  that 
it’s  a  valid  business  idea  to  implement  for 
a  small  business.  Similarly,  having  one 
single  standardized,  integrated  computer 


system  sounds  great  in  theory— but  if  the 
users  can’t  make  it  work  (or  have  to  build 
workarounds  to  compensate  for  local  con¬ 
ditions),  then  perhaps  the  project  needed  to 
be  planned  to  compensate  for  these  issues 
at  the  start. 

We’ve  found  that  the  best  question  to 
ask  to  stimulate  this  kind  of  critical  think¬ 
ing  is.  So  what?  When  my  tech  director 
has  a  vendor  come  to  him  with  the  latest 
and  greatest  gadgets  and  toys,  we  ask,  So 
what?  Will  our  staff  really  use  fully  mobile 
tablet  PCs  with  wireless?  Do  we  need  wire¬ 
less  PDAs  with  voice,  data  and  Internet  to 
use  on  projects  where  much  of  the  data  has 
specific  security  requirements? 

The  key  then  is  to  ask  what  the  business 
really  needs— not  just  in  tech  terms,  but  in 
terms  of  what  the  users  need.  If  we  can 
get  these  questions  asked  properly  at  the 
start,  we  can  get  more  bang  for  the  buck 
and  avoid  some  of  these  totally  successful 
projects  that  are  practical  failures. 

TOM  VAN  KLEEF 

Executive  VP 
Warren-Goodwin  Inc. 

I  totally  agree  that  project  “value”  is  prob¬ 
ably  the  most  important  and  visible  success 
criteria,  but  I  believe  that,  unfortunately, 
value  is  becoming  a  buzzword.  I  suggest 
that  project  value  must  be  classified  as 
direct,  indirect,  infrastructure,  strategic  or 
transformational  value.  Each  of  these  value 
classifications,  in  turn,  requires  a  different 
type  of  valuation  and  analysis. 

MICHAEL  KING 

City  of  Charlottesville 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to  letters@ 
cio.com.  Letters  may  be  edited  for  length  or 
clarity.  For  a  link  to  the  articles  mentioned, 

go  to  www.cio.com/archive. 

cio.com 


14  OCTOBER  15,  2006  |  www.cio.com 


Leap  ahead 


KICK  IT  UP  A  NOTCH 


Introducing  Intel®  vPro™  technology. 

Greater  control  built  in  to  your  desktop  fleet. 

Intel®  vPro'"  technology  is  more  than  just  a  new  processor.  It's  an  integrated  set  of  new  technologies 
designed  to  work  together.  Your  ability  to  manage  your  entire  enterprise  is  built  in.  So  is  your  ability  to 
remotely  heal  PCs  even  when  powered  down.  Built  around  the  extraordinary  performance  of  the  new  Intel  - 
Core"?  Duo  processor,  Intel  vPro  technology  adds  functionality  to  leading  network  management  software. 

To  download  the  Intel  vPro  technology  whitepaper,  go  to  intel.com/pro. 

02006  Intel  Corporation.  Intel,  the  Intel  logo,  Intel  vPro.  Intel  Core,  Intel.  Leap  ahead.,  and  the  Intel.  Leap  ahead,  logo  are  trademarks  or  registered  trademarks  of 
Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  lights  reserved.  /  \ 


lose  money 


WHEN  SERVING  YOUR  CUSTOM 


WHATEVER  CHOICE  YOU  MAKE,  YOU’RE  TOAST. 


You  know  that  the  only  way  to  succeed  is  by  serving  your 
customers  better.  But  what  organization  can  afford  to 
throw  endless  dollars  at  improving  the  customer 
experience?  With  RightNow,  you  don’t  have  to  make  a 
deal  with  the  devil. 

RightNow  provides  a  breakthrough  solution  that  lets  you 
enhance  your  customer  experience  while  reducing  costs. 
By  delivering  knowledge  at  every  customer  touchpoint, 
RightNow  helps  you  grow  your  business,  one  customer 


experience  at  a  time.  We’ve  enabled  more  than  a  billion 
successful  customer  interactions  for  our  clients  in  every 
major  industry.  Chances  are,  we  can  help  you,  too. 

Find  out  why  RightNow  leads 
in  client  satisfaction.  Download 
your  free  executive  summary  of 
CRMGuru’s  Solutions  Guide  at 
www.rightnow.com/toast  or  call 
us  toll-free  at  1.877.363.5678. 


RIGHT 

NOW 

TECHNOLOGIES 


ED 


EDITED  BY  LAURIANNE  McLAUGHLIN  NEW  * 


Assault  and 

Batteries 

mobile  The  recall  of  nearly  6  million  notebook  PC  bat¬ 
teries  by  Dell  and  Apple  in  August,  and  more  than  500,000 
by  Lenovo  and  830,000  by  Toshiba  in  September  due  to  fire 
risk  has  caused  many  people  to  look  twice  at  their  computer 
batteries.  However,  few  alternatives  to  today’s  lithium  ion 
batteries  exist  yet:  Promised  fuel  cell  technology  for  note¬ 
books  remains  stuck  in  research  labs. 

The  Dell  and  Apple  recalls,  which  followed  online  pictures 
of  flaming  Dell  laptops,  were  impressive  both  for  their  size 
and  scope.  The  U.S.  Consumer  Product  Safety  Commission 
called  the  initial  Dell  recall  the  largest  consumer  electronics 
recall  in  history,  affecting  PCs  shipped  worldwide. 

Sony  Energy  Tech,  which  manufactured  all  the  batteries  in 
question,  points  to  problems  with  cells,  several  of  which  are 
contained  in  each  battery  pack.  Sony  accepts  some  responsibil¬ 
ity  and  says  it  will  help  pay  for  the  recall— which  could  cost  the 
company  up  to  $250  million— but  the  root  cause  of  the  problem 
remains  unclear. 

Sony  points  to  tiny  metallic  particles  present  inside  the  bat- 

Continued  on  Page  18 


IT  Thai  Plays  Together  Stays  Together 


talent  Don’t  tell  the  U.S. 
Department  of  the  Treasury,  but 
Bahman  Koohestani,  the  CIO  of  Orbitz, 
has  created  his  own  currency.  He  calls 
his  cash  Bahman  Bucks,  and  the  roughly 
300  members  of  his  IT  department 
based  at  Orbitz’s  Chicago  headquar¬ 
ters  use  it  at  a  restaurant  across  the 
street  from  their  office,  and  soon  will 
use  it  for  IT  group  outings  to  concerts 
and  sporting  events. 

Koohestani  created  the  currency, 
which  managers  distribute  to  staff  before 


a  social  event,  to  encourage  members  of 
his  IT  department  to  hang  out  after  work. 
"The  business  that  plays  together  works 
better  together,"  he  says. 

Indeed,  “Socializing  outside  of  work 
may  help  resolve  conflicts  and  build 
trust,”  says  Thomas  Harvey,  author  of 
Building  Teams,  Building  People. 

The  teams  that  play  together  also  stay 
together.  Koohestani  says  Orbitz's  IT 
turnover  is  low,  partly  because  employ¬ 
ees  don't  want  to  leave  their  coworker 
friends.  He  notes  that  the  social  activities 


he  sponsors,  which  typically  cost  Orbitz 
between  $1,600  and  $2,000  per  event, 
have  also  helped  him  recruit  new  talent. 

"It  is  significantly  cheaper  for  us  to 
increase  our  productivity  and  do  some¬ 
thing  about  retention  than  recruit  new 
people  [due  to  turnover],"  says  Koohes¬ 
tani.  “The  type  of  work  we  do  and  the 
competitive  market  we’re  in  requires  an 
extra  level  of  connectedness  you  don't 
get  from  coming  to  work  every  day  and 
punching  out  at  the  end  of  a  shift." 

-Meridith  Levinson 


ILLUSTRATION  BY  MATTHEW  GOEBEL 


www.cio.com  |  OCTOBER  15,  2006  17 


TRENDLINES 


1 


Microsoft  Zune:  Doesn't 
Sound  Sweet  to  Everyone 

product  names  Microsoft’s  forthcoming  digital  music  player,  dubbed 
Zune,  may  make  some  Hebrew  speakers  gasp.  The  name  for  the  device— which 
will  take  on  the  Apple  iPod  when  released  later  this  year— sounds  like  a  vulgarity, 
specifically  the  "f"  word,  in  Hebrew. 

The  tech  industry  continually  creates  goofy  product  names,  exemplified  by 
Yahoo  and  Google.  But  companies  routinely  hire  branding  consultancies  to 
extensively  research  product  names,  including  translations  in  other  languages, 
says  Steve  Manning,  managing  director  for  Igor  International  in  San  Francisco, 
a  branding  agency.  Nobody  wants  to  make  the  mistake  that  Chevy  did  with  its 
Nova  automobile  (No  va,  of  course,  made  Spanish  speakers  think  "no  go.") 

Hebrew  linguists  are  divided  over  Zune.  Tsila  Ratner,  the  head  of  Hebrew 
courses  in  the  Department  of  Hebrew  and  Jewish  Studies  at  University 
College  London,  says  Zune  is  an  unsuitable  name  for  a  product.  However, 
Haggit  Inbar-Littas,  a  30-year  veteran  Hebrew  teacher  with  the  London  Jewish 
Cultural  Center,  says  while  the  name  is  "ridiculous”  and  close  to  the  bad  word, 

it’s  unlikely  to  be  mistaken. 

Microsoft  breaks  the  controversy 
down  to  pronunciation.  “While  we 
do  acknowledge  the  similarity  in 
pronunciation  to  Hebrew  zi-yun, 
that  is  not  the  intended  meaning 
of  the  name  Zune,”  according  to 
a  Microsoft  statement.  Bloggers 
have  picked  up  on  the  difference- 
one  humorously 


M . 

vf 


a 


writing  that  if 
you  say  Zune 
to  rhyme 
with  iTunes, 
out  pops  the 
profanity. 

- Jeremy  Kirk 


wmmmmmmmmmmm 


TREAT  ME  RIGHT 


customer  care  The  Customer  Respect  Group  annual  ly 
asks  consumers  which  of  the  100  largest  U.S.  companies  treat 
online  customers  best— considering  website  usability,  quality 
and  timeliness  of  e-mail  communications,  and  trustworthi¬ 
ness  with  personal  data.  2006  winners:  HIGHEST  RATED 
OVERALL:  Intel,  Sears  Roebuck,  Hewlett-Packard,  Medco 
and  Procter  &  Gamble.  PROBLEM  AREA:  Only  13  companies 
consistently  send  helpful  customer  replies  within  24  hours. 


Continued  from  Page  17 


teries  after  manufacturing.  If  those  particles 
punctured  a  cell  wall,  they  could  cause  a  short 
circuit  and  thus  a  fire,  the  company  says. 

“You  try  to  eliminate  that  in  the  manufac¬ 
turing  process,  but  to  eliminate  them  100 
percent  is  very  difficult,”  says  Rick  Clancy, 
a  spokesman  for  Sony.  “Usually  when  you 
have  a  short  circuit,  it  might  lead  to  a  bat¬ 
tery  powering  down,  so  you’d  have  a  dead 
battery,  but  other  times  it  could  lead  to 
incidents  including  flaming.” 

The  troubles  prompted  the  IPC  (a  trade 
association  representing  component 
makers)  to  begin  work  in  September  on 
a  new  industry  standard  for  lithium  ion 
battery  production  and  quality  control. 

Dell,  Hewlett-Packard,  Lenovo  and  Polycom, 
among  others,  are  helping  craft  the  standard. 

“Our  message  is  that  public  safety  comes 
first,”  says  Tony  Corkell,  quality  and  stan¬ 
dards  executive  at  Lenovo.  The  group  aims  to 
publish  the  standard  by  the  second  quarter 
of 2007. 

The  recalls  have  also  prompted  the  ques¬ 
tion,  is  there  a  better  alternative  to  lithium 
ion?  Not  right  now,  but  maybe  in  a  few 
years.  Vendors  such  as  Panasonic  and  Casio 
continue  to  research  fuel  cell  technology. 

Panasonic  still  claims  lithium  ion  is  a 
“very  good  technology”  but  is  also  working 
on  fuel  cells,  says  Brian  Kimberlin,  director 
of  consumer  marketing  at  Panasonic  Bat¬ 
tery  Corp.  of  America. 

Fuel  cells  can  typically  keep  a  PC  run¬ 
ning  for  several  hours  on  a  small  squirt  of 
methanol.  Earlier  this  year  in  Tokyo,  Casio 
demonstrated  a  fuel  cell  for  notebook  PCs, 
early  versions  of  which  the  company  said 
would  ship  in  2007.  Casio  claims  the  pro¬ 
totype  could  work  about  four  times  longer 
than  a  comparably  sized  lithium  ion  battery. 

Many  laptop  makers  are  pursuing  the 
technology,  but  it  remains  too  immature 
for  commercialization.  Also,  the  airline 
industry  has  yet  to  approve  fuel  cells  for 
use  aboard  planes.  Despite  earlier  predic¬ 
tions  by  some  laptop  vendors  that  fuel 
cell-powered  machines  would  be  on  sale 
by  now,  they  remain  a  year  or  more  away 
from  shipping.  -Martyn  Williams 


18  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  COURTESY  OF  MICROSOFT 


ISABELLE  MADE  LINUX 
DESKTOP-FRIENDLY 


■ 


■1  A 


WE  MADE  IT 
WALLET-FRIENDLY 


KSgj&B 


- ■<TIVT-. ; 


Your  Linux  is  ready.  ™ 

Introducing  SUSE,  Linux  Enterprise  Desktop  10  from  Novell,.  Built  by  a  global  community  and 
secured,  supported,  tested  and  proven  by  Novell,  it’s  all  you  need  to  work  faster,  tighten  security  and  lower  costs. 
With  3-D  graphics,  full  integration  with  Active  Directory  and  a  complete  office  productivity  suite,  this  total  enterprise 
alternative  to  Windows®  takes  usability  to  a  whole  new  level.  And  changes  the  way  the  world  works  forever. 


Get  it  at  www.novell.com/linux 


Novell* 

This  Is  Your  Open  Enterprise."’ 


Copyright  ©2006  Novell,  Inc.  All  rights  reserved.  Novell,  the  Novell  logo,  and  SUSE  are  registered  trademarks  and  This  Is  Your  Open  Enterprise,  Your  Linux  is  ready,  and  the  gecko  logo  are  trademarks  of  Novell,  Inc.  in  the  United  Stales 
and  other  countries.  -Linux  is  a  registered  trademark  of  Linus  Torvalds.  All  third-party  trademarks  are  the  property  of  their  respective  owners.  Novell  wishes  to  thank  the  thousands  of  developers  who  contribute  to  Linux  every  day 


TRENDLINES 


wireless  Will  one  of  the  most  high- 
tech  football  stadiums  in  the  country  help 
the  hapless  Arizona  Cardinals  give  fans 
more  victories?  Time  will  tell,  but  the  new 
$450  million  Cardinals  Stadium  will  give 
fans  access  to  700  high-definition  tele¬ 
visions  and  wireless  Internet  service  in 
95  percent  of  the  stadium. 

The  Cardinals,  together  with  tech¬ 
nology  partner  Insight  Enterprises,  have 
shown  how  even  a  team  with  a  small 
IT  department  (in  this  case,  just  four  IT 
staffers)  can  create  one  of  the  most  cus¬ 
tomer-friendly  U.S.  sporting  venues  via 


ubiquitous  wireless  access. 

“[The  Cardinals’]  client  is  the  fan,” 
says  Steve  Kedzior,  senior  vice  president 
of  Insight’s  Client  Solutions.  “We  had 
to  look  at  it  from  their  perspective. 

How  can  technology  improve  the  fan 
experience?” 

The  wireless  network,  along  with 
more  than  800  IP  phones,  should  help 
Cardinals  employees  process  ticket  sales 
quickly.  The  flat  screens  let  fans  keep 
watching  the  game  while  buying  food 
from  vendors  and  enable  the  Cardinals 
marketing  department  to  advertise  for 


The  new  $450  million  Cardinals 
Stadium  in  Phoenix  gives  the  team’s 
long-suffering  fans  wireless  Net  access 
and  its  coaches  slick  tech  tools. 


upcoming  games,  events  and  conferences. 

Event  planners  will  be  able  to  tap  into 
the  stadium’s  large  show  floor  with  more 
than  1,000  IP  drops.  That  floor  lives 
underneath  the  stadium’s  football  field, 
which  is  installed  on  a  unique,  retract¬ 
able  12  million-pound  tray  that  keeps  the 
grass  outside  until  game  day  for  maxi¬ 
mum  sun  exposure,  then  gets  rolled  in. 

The  new  converged  wireless  and 
wired  network  for  data  and  IP  voice, 
which  spans  the  stadium  and  the  team’s 
satellite  practice  and  training  facili¬ 
ties,  helps  the  Cardinals  IT  team  slice, 
dice  and  deliver  new  data  to  coaches  as 
needed  during  games. 

“They  watch  so  many  hours  of  video, 
and  it’s  all  digitized  now,”  says  Mark 
Keller,  senior  technology  director  for  the 
Cardinals.  “It’s  delivered  to  coaches  on 
their  laptop  over  our  backbone.” 

Many  people  will  get  their  first 
peek  at  the  stadium  during  the  team’s 
first  Monday  Night  Football  game  on 
Oct.  16;  it  will  also  host  the  2008  NFL 
Super  Bowl.  -C.G.  Lynch 


Where  Outsourcing  Is  Academic 


INNOVATION  Almost 
every  CIO  grapples  with  the 
question  of  how  much  to  out¬ 
source.  John  Bielec,  CIO  of 
Drexel  University,  helps  CIOs 
answer  that  question— and  in 
doing  so,  drives  new  revenue 
for  the  school.  Drexel  now 
serves  as  an  IT  outsourcer 
(for  example,  delivering 
course  management  software 
and  SAP  academic  software) 
to  approximately  50  colleges 
in  the  United  States  and 
United  Kingdom. 

The  program  gives  small 


colleges  (typically  those  with 
2,000  students  or  fewer) 
access  to  the  IT  resources, 
processes  and  services  of 
a  larger  university— includ¬ 
ing  Drexel's  data  center  and 
access  to  the  2GB  Internet2 
research  network.  For  four  of 
the  colleges,  Drexel’s  Office 
of  Information  Resources  and 
Technology  runs  the  whole  IT 
show,  from  course  registra¬ 
tion  to  payroll. 

“Our  arrangement  is  flex¬ 
ible,"  Bielec  says.  "The  univer¬ 
sity  presidents  have  access 


to  me  by  cell  phone.  I'm  their 
CIO  in  many  ways.” 

The  idea  emerged  in  the 
late  '90s,  when  Drexel  took 
over  the  largest  private 
medical  school  in  the  United 
States  and  ported  its  own 
systems  to  the  acquired  orga¬ 
nization  using  an  ASP  model. 
This  gave  Drexel’s  president, 
Constantine  Papadakis,  the 
idea  to  outsource  Drexel’s 
IT  expertise  and  drive  new 
income,  Bielec  says. 

Drexel  has  tapped  into  a 
growing  need.  Of  the  3,500 


U.S.  colleges  and  universi¬ 
ties,  half  have  2,000  or  fewer 
students.  These  schools  need 
to  deliver  an  increasing  vari¬ 
ety  of  technologies  to  keep 
attracting  students,  but  they 
can't  afford  constant  invest¬ 
ment  in  new  systems. 

Meanwhile,  Drexel,  with 
more  than  15,000  under¬ 
graduates,  uses  the  outsourc¬ 
ing  fees  to  keep  its  IT  costs 
steady.  Income  from  external 
partners  has  increased  400 
percent  since  fiscal  year 
2003,  Bielec  says.  The  effort 
now  funds  27  percent  of 
Drexel's  central  IT  costs. 

-L aurianne  McLaughlin 


20  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  COURTESY  OF  ARIZONA  CARDINALS 


Uj* W3rGtlOUS0 


know 


ll  IIIM1II  III 


Microsoft' 

BizTalk  Server  2006 

GXS  Trading  Grid  is  Microsoft’s  recommended  global 
B2B  network  for  Microsoft  BizTalk  Server  2006. 


We’ve  combined  the  global  reach  of  GXS  Trading  GridS!^  integration 
services  platform  with  the  simplicity  of  Microsoft  BizTalk™  Server  20' 


Should  “just-in-time”  really  be  the  goal?  With  the  increasingly  opposing 
forces  of  global  supply  and  local  demand,  a  supply  chain  that  “knows- 
ahead-of-time”  will  do  more  than  reduce  costs,  it  will  grow  sales. 


Together,  they  can  transform  your  supply  chain  so  you  can  process  ,  -  ■  • 
deliveries  faster  and  ensure  that  you’re  more  adaptive  to  changes- .  -X 
in  demand.  So  your  warehouse  knows  ahead  of  time  what  your  ■  '  ,:?!■-  .?.• 
customers  want  even  before  they  do.  k.;X^X-kk 


GXS  and  Microsoft  have  partnered  to  deliver  a  new  level  of  supply 
chain  innovation  that  delivers  optimum  warehouse  efficiency  providing 
customer  demand  signals  direct  to  your  downstream  supply  chain. 


To  learn  more  about  how  GXS  and  Microsoft  can  help  you  create  a  customer-facing,  demand-driven  network, 

visit  www.gxs.com/microsoft.  Or  call  +1-301-340-4000  outside  the  US,  or  800-560-4347  in  the  US. 


Extend  Supply  Networks  |  Optimize  Product  Launches  |  Automate  Warehouse  Receiving  |  Gain  Supply  Chain  Visibility  |  Manage  Payments  and  Ca: 


pjt] 

If 

tc*  ■  .  -  . _A 

IS r 

just-irFtj 

TRENDLINES 


California  May  Mandate 

Wi-Fi  Warnings 


earning’. 

UNSECURED  ' 


wi-fi  Smart  move  or  silly 
warning?  That's  up  for  debate: 
The  California  Legislature 
has  asked  Wi-Fi  equip¬ 
ment  makers  to  warn 
buyers  of  wireless  LAN 
access  points  that 
strangers  can  tap  into 
a  wireless  network  that 
isn't  password-protected. 
A  bill  passed  by 
the  state  Sen¬ 
ate  in  August 
and  slated 
to  become 
effective  in  Janu¬ 
ary  would  require 
any  wireless  access 
point  for  homes  or 
small  businesses  to  come 
with  a  warning.  It  could  be  a 


sticker  or  a  page  in  the  configu¬ 
ration  software,  for  example, 
but  the  buyer  must  be  forced  to 
look  at  the  warning  before  using 
the  device.  At  press  time,  the 
bill  had  not  reached  Gov.  Arnold 
Schwarzenegger  but  was 
expected  to  earn  his  approval. 

“There  needs  to  be  a  level 
of  education  and  understand¬ 
ing  out  there  about  just  how 
easy  it  is  to  access  one  of  these 
systems,"  says  Richard  Stapler, 
spokesman  for  Assemblyman 
Fabian  Nunez,  who  introduced 
the  bill. 

However,  some  analysts  have 
pounced  on  the  effort,  which 
applies  to  products  made  after 
Oct.  1, 2007,  as  an  unnecessary 
state  regulation. 


“To  get  the  state  involved 
with  this  is  ridiculous,"  says 
Gartner  Group  analyst  Ken 
Dulaney.  "Don't  they  have 
anything  better  to  do?” 

Dulaney  says  anyone  using  a 
wireless  LAN  should  know  some¬ 
one  else  could  tap  into  it,  just  as 
people  buying  a  car  should  know 
they  could  get  in  a  crash.  And 
setup  wizards  for  most  wireless 
LAN  products  already  address 
security,  he  says. 

“It’s  one  more  crazy  tax  on 
suppliers"  that  ultimately  will 
be  passed  on  to  consumers, 
he  adds. 

As  for  CIOs  whose  employ¬ 
ees  use  wireless  access  points 
to  reach  the  enterprise  network 
from  home,  they  should  already 
assume  that  any  network  their 
employees  use  outside  the 
office  is  unsecured,  and  make 
using  a  virtual  private  network 
mandatory,  Dulaney  says. 

-Stephen  Lawson 


Could  Customers  Be 
Your  Best  Innovators? 


book  review  Many 
dotcom-era  business  plans 
based  on  “virtual  community” 
crashed  and  burned.  But  some 
companies  today  have  discov¬ 
ered  that  online  communities 
for  customers  not  only  provide 
business  value  but  also  become 
a  critical  component  of  their 
customer  relations,  R&D  and 
marketing  efforts.  That’s  one 
key  pi  ece  of  consultant  Patricia 
Seybold’s  new  book,  Outside 
Innovation,  which  posits  that 
companies  need  to  engage 
customers  in  more  innovative 


ways  to  help  redesign  prod¬ 
ucts,  improve  processes  and 
test  business  models. 

The  author  of  Custom  - 
ers.com  and  The  Customer 
Revolution  goes  into  great 
detail— using  dozens  of  case 
studies  from  heavyweights 
such  as  Staples  and  Kraft,  and 
lesser-knowns  such  as  Koko 
Fitness— to  get  executives  to 
wake  up  to  her  main  point: 
The  traditional  company- 
customer  relationship  (“We 
develop  products  for  our 
customers”)  has  flipped,  and 


those  who  ignore  this  reality 
do  so  at  their  own  peril. 

This  line  of  thinking 
requires  a  level  of  openness 
simply  not  found  in  many 
enterprises  today— a  faith  that 
customers’  passion  for  your 
products  and  services  will 
translate  into  revolutionary 
product  developments  and 
efficiency  for  you.  In  a  sense, 
it’s  R&D  on  the  cheap. 


Outside  Innovation:  How  Your 
Customers  Will  Co-Design 
Your  Company’s  Future 

Patricia  B.  Seybold 
Collins,  2006,  $26.95 


Seybold’s  examples  are 
noteworthy  for  their  innova¬ 
tions  and  financial  returns. 

Of  course,  companies  can’t 
handpick  customers,  espe¬ 
cially  ones  who  want  to  strut 
their  stuff  for  the  company,  so 
it’ll  take  a  lot  of  work  to  vet  the 
good  from  the  bad,  hammer 
out  the  relationship  details 
and  find  suitable  rewards  for 
customers’  efforts.  Much  more 
work,  it  seems,  than  many 
firms  are  willing  to  put  forth, 
Seybold  says. 

-Thomas  Wailgum 


22  OCTOBER  15,  2006  I  www.cio.com 


ILLUSTRATION  BY  MATTHEW  GOEBEL 


fat  •  ■■':'.ii< 


Information  lives  at  companies  that  know  how  to  leverage  their  intellectual  capital.  EMC®  Documentumf' content  management 
software  provides  the  industry’s  premier  platform  for  capturing,  securing,  managing,  and  accessing  information.  Which  helps|Jj 
companies  improve  productivity,  mitigate  risk,  realize  new  revenue,  and  lower  costs  more  than  with  any  other  provider.  To  find  out 

•  i  i  •  i  _  ..i  —  x.  L  aIm  ,  i  <4  a  o  m  /\  \i!r  1 4-  r*  rtffu/o  ra  C  A  A  r/am 


SB: 


tiqw  the  leader  in  content  management  can  help  you  do  the  same,  visit  software.  EMC.  comr'u ; 

T;, '-iOp, 

;VT''v' ’  ;! 

EMC.1  EMC  DOcumehtum,;and  where  Information  lives  are  '  M***-*-™^^*^*^^ 


documentum 


if :  alp/v 


■v. 


ill 


1  v  -/•?  *m  it*  H  a i  • 

SSWwIim 

r  ..-S  ‘  r. i/V/  ■  .  .  .* 


TRENDLINES 


bvthanumbers 

BY  DIANN  DANIEL 


Mobile  Mayhem 

CIOs  struggle  to  centralize  device  control 


THE  USE  OF  mobile  devices 
like  PDAs  and  Web-enabled  cell 
phones  continues  to  rise,  but 
CIOs'  control  of  them  does  not, 
according  to  a  recent  survey  of 
319  companies  by  The  Yankee 
Group.  The  current  lack  of 
control  hampers  device  man¬ 
agement,  obscures  enterprise¬ 
wide  usage  trends  and  inflates 
cost  per  device,  analysts  say. 
CIOs  will  continue  to  struggle 
to  centralize  purchasing  and 
management,  but  this  is  a 
battle  you  want  to  keep  fight¬ 
ing,  says  Yankee  Group  analyst 
Nathan  Dyer. 

CIOs  need  to  lay  the  foun¬ 
dation  for  how  more  devices 
and  greater  integration  will  be 
handled  in  an  overall  mobile 
strategy,  Dyer  says. 


The  Yankee  survey  found 
that  40  percent  of  today’s 
workforce  is  mobile,  defined  as 
spending  at  least  20  percent 
of  their  time  away  from  the 
primary  work  space.  Almost 
half  of  mobile  workers  use 
multiple  devices.  Twenty-seven 
percent  use  smart  cell  phones, 
68  percent  use  traditional  or 
dual-mode  cell  phones,  48  per¬ 
cent  use  PDAs,  and  89  percent 
use  notebook  PCs. 

Many  of  those  devices  are 
outside  the  CIO's  purview. 
“Notebooks  have  been  under 
IT  control  for  years  now,”  says 
Dyer.  However,  just  38  percent 
of  the  mobi  le  workforce  has 
company-issued  mobile  devices 
other  than  notebooks.  Com¬ 
panies  would  like  to  boost  that 


figure  to  58  percent  within  three 
years,  the  survey  stated. 

Today,  many  companies  still 
have  limited  control  over,  or 
even  visibility  into,  just  who  has 
mobile  devices  and  how  they 
use  them.  Since  many  users 
choose  their  own  devices  and 
expense  the  service  costs,  IT 
does  not  get  to  negotiate  dis¬ 
counts,  gather  peak  usage  data 
or  control  security. 

The  survey  also  investigated 
barriers  to  deploying  mobile 
data  services,  such  as  mobile 
e-mail,  CRM  and  asset-track¬ 
ing  applications.  Top  concerns 
include:  data  and  network 
security,  complexity  of  inte¬ 
grating  different  applications 
and  data  sources,  and  device 
management. 


MOST  WANTED:  MORE  CONTROL,  BETTER  SECURITY 

Most  Phones,  PDAs  Are  Outside  IT’s  Domain 

While  cell  phone  and  PDA  use  is  widespread,  CIOs  purchase  and  control  less  than  half  of  these  devices 


95%  of  mobile  workforce  uses  cell  phones 


48%  of  mobile  workforce  uses  PDAs 
38%  have  company-issued  phones  or  PDAs 


40% 


50% 


60% 


70% 


80% 


90% 


100% 


Big  Worries  About  Mobile  Data  Services 

Top  security  and  management  concerns  for  deploying  apps  like  mobile  e-mail  or  mobile  CRM 


42%  Data  security 
I  37%  Corporate  network  security 
36%  Complexity  of  integration 


0%  10%  20% 
SOURCE:  The  Yankee  Group 


32%  Device  management  issues 
30%  Staffing  and  support  costs 

28%  Lack  of  internal  management  expertise 

iiii 

30%  40%  50%  60%  70% 


I 

80% 


90% 


f 

100% 


Best 

Practices 

1.  Survey  mobile  device 
use.  Find  out  who’s  using 
which  devices  in  your 
company  and  how  they  are 
bought.  This  data  will  help 
you  craft  a  comprehensive 
policy  to  cover  purchas¬ 
ing  and  usage  guidelines, 
device  disposal  and  incident 
reporting. 

2 .  Create  a  forward- 
looking  mobile  strategy. 

Most  companies  still  craft 
mobile  device  purchasing 
rules  to  address  a  specific 
set  of  workers’  needs  or  a 
specific  business  applica¬ 
tion,  says  Nathan  Dyer,  a 
Yankee  Group  analyst.  Look 
beyond  voice  and  determine 
what  technologies  it  will  take 
to  support  Web  application 
integration. 

3.  Consider  outsourcing 
mobile  device  manage¬ 
ment.  Vendors  such  as  AT&T, 
Mindwireless,  Movero,  Sprint 
and  Traq  Wireless  on  the 
voice  side,  and  EDS,  Hewlett- 
Packard,  IBM  and  Sprint  on 
the  hybrid  voice  and  data 
side,  can  provide  analytics, 
support  services,  strategies 
for  reusing  devices,  and 

the  ability  to  remotely  “kill” 
stolen  or  lost  devices. 


24  OCTOBER  15,  2006  |  www.cio.com 


NEW  AGE  INFORMATION  MANAGEMENT: 

Utilizing  Backup  and  Archiving 

the  Right  Way 


As  business  requirements  change, 
backup  and  archival  technologies  have 
evolved  to  meet  them. 


It  used  to  be  enough  to  back  up  and  store  data  off-site — the  infor¬ 
mation  was  there  for  recovery  in  case  of  emergency  or  disaster. 

But  times  have  changed,  as  emerging  new  regulations 
increasingly  affect  how  companies  store  and  retrieve  their  data. 
Regulations  such  as  HIPAA  and  SEC  Rulel7a-3  and  17a-4 
specify  the  type  and  length  of  time  some  data  must  be 
stored,  while  mandates  such  as  SOX  and  Basel  II  require 
stricter  controls  on  how  information  is  managed. 

Meanwhile,  legislation  such  as  Gramm-Leach-Bliley  Act, 

FACTA,  and  local  state  breach  notification  statutes  con¬ 
tinue  to  up  the  ante  around  information  privacy  and  secu¬ 
rity — a  requirement  that  is  only  reinforced  by  the  increase 
in  malicious  activity  worldwide.  Moreover,  the  legal  sector 
is  requesting  more  and  more  electronic  information  as 
part  of  the  legal  discovery  process,  meaning  that  compa¬ 
nies  must  be  able  to  retrieve  information  quickly  at  an 
increasingly  detailed  level. 

“Information  management  requirements  have  dramat¬ 
ically  changed  over  the  past  five  or  six  years,”  says  Brian 
Babineau,  an  analyst  at  Enterprise  Strategy  Group,  an  IT 
analysis  and  research  company  in  Milford,  Mass. 

But  traditional  methods  of  storing  data  have  not.  Many  com¬ 
panies’  current  storage  strategies  depend  on  traditional  systems 
such  as  tape  backup  as  an  archiving  method,  with  the  thinking 
that  the  data  was  rarely  needed  and  accessed — a  strategy  that 
does  not  mesh  with  these  informational  changes. 

“Until  recently,  business  operations  did  not  require  the  acces¬ 
sibility  and  availability  of  historical  data,”  says  Babineau,  “and 
institutionally,  many  companies  have  not  realized  that  their 


processes  are  out  of  step  with  today’s  business  requirements.” 

But  today,  the  two  processes  serve  very  different  needs.  Data 
backup,  in  which  information  is  copied  and  stored  off-site  daily  as  a 
protective  factor,  is  designed  to  protect  against  short-term  data  loss, 
such  as  accidental  deletion,  device  failure,  and  data  corruption. 

Archiving,  on  the  other  hand,  is  the  long-term  storage  and 
retention  of  a  point-in-time  copy  of  information  for  a  specific 
business  purpose.  That  kind  of  retrieval  needs  to  be  fairly  gran¬ 
ular — for  example,  as  required  by  legal  discovery  purposes. 

And  as  the  need  to  retrieve  information  becomes  more  fre¬ 


quent,  companies  are  finding  that  using  backup  as  an  archival 
mechanism  is  both  time-consuming  and  costly.  Faced  with  this 
reality,  leading  CIOs  are  beginning  to  treat  backup  and  archiving 
of  information  as  separate  processes.  “Companies  are  starting  to 
realize  the  benefits  of  having  two  distinct  processes  to  solve  dif¬ 
ferent  business  requirements,”  says  Babineau.  “One  process  is 
about  what  happens  if  you  lose  data,  while  the  other  is  about 
what  happens  when  you  need  to  find  information.” 


CIO 


▲ 


Custom  Publishing 

Advertising  Supplement 


IRON  MOUNTAIN' 


ARCHIVAL  BUSINESS  REQUIREMENTS 

CIOs  should  start  separating  these  processes  by  defining 
and  analyzing  the  new  business  requirements  behind  data 
archiving.  By  doing  so,  they  can  start  building  a  strategy 
that  fully  answers  both  backup  and  archival  challenges. 
Some  of  the  big  issues  include: 


ADVERTISING  SUPPLEMENT 


l 


DATA 


PROTECTION 


TECHNOLOGY 


Many  people  think  that  if  you  introduce 
archiving  you  have  to  change  everything,  but 

the  reality  is  that  you  don’t.  — Brian  Babineau,  Enterprise  Strategy  Group 


■  ELECTRONIC  DISCOVERY.  Backup  technology  usually  does  not 
index  information  at  a  very  detailed  level,  making  it  difficult  to 
search  for  specific  records  based  on  granular  content. 

Archiving  technology  will  index  information  at  a  far  more 
granular  level.  When  it  comes  to  legal  discovery,  companies 
may  field  requests  to  find  individual  emails  sent  by  a  particular 
person  on  a  specific  day.  In  these  cases,  archiving  technology’s 
ability  to  quickly  search  and  retrieve  individual  files  is  a  huge 
benefit,  particularly  since  companies  that  cannot  comply  with 
discovery  requests  can  face  stiff  fines. 

■  COMPLIANCE  ISSUES.  Many  companies  are  required  to  retain 
specific  electronic  business  records,  certify  that  they  remain 
unchanged,  and  make  sure  that  proper  controls  are  in  place  to 
guarantee  the  integrity  of  such  data.  Archiving  technologies, 
which  can  remove  inactive  data  from  production  systems  and 
keep  that  data  accessible  on  lower-cost  storage  media,  are  a 
good  fit  for  this. 

■  INCREASED  EFFICIENCY.  Pulling  non-transactional  data  from 
production  systems  means  that  CIOs  have  to  back  up  and  save 
less  production  data.  “If  you  archive  that  file,  you’re  not  back¬ 
ing  it  up,  and  that’s  where  efficiencies  are  gained,”  says 
Babineau.  Result:  More  efficient  storage  management. 

Newer,  high- retrieval  archive  systems  allow  CIOs  to  easily 
index  and  search  information,  as  well  as  assign  archival  require¬ 
ments  as  the  data  is  created.  “The  ability  to  classify  information 
is  probably  one  of  the  most  important  technology  trends  we 
have,”  says  Babineau.  “It  gives  us  insights  we  haven’t  had  before, 
and  depending  on  archival  requirements  can  align  data  across 
appropriate  levels  of  storage.” 

Archival  technology  can  also  improve  storage  resource  utiliza¬ 
tion  by  matching  the  accessibility  and  availability  requirements  of 
archived  data  with  the  appropriate  level  of  storage.  Data  that  is  regu¬ 
larly  subject  to  possible  legal  discovery  or  compliance  audits  should 
be  protected  using  technology  that  stores  it  in  way  that  makes  it 
indexed,  searchable  and  easily  retrievable.  Data,  not  typically  subject 
to  legal  and  compliance  requests,  can  be  stored  more  cost-effectively 
using  traditional  methods  like  tape  and  protecting  it  off-site. 


read  many  times  in  the  future,  and  it  doesn’t  need  to  be  on 
the  primary  financial  application  system,”  says  Babineau. 
Similarly,  many  application  files  also  contain  information  that 
hasn’t  changed  in  years,  and  would  work  well  with  archival 
technology.  CIOs  should  then  assess  their  technical  ability  to 
properly  archive  this  information.  What’s  the  retrieval  fre¬ 
quency,  and  how  quickly  must  it  be  retrieved?  How  long  must 
it  be  retained?  How  will  the  information  be  organized  and 
classified?  These  questions  will  help  CIOs  choose  the  proper 
archival  method — or  a  service  provider  trained  in  archival 
technologies.  Other  considerations  include  the  value  of  the 
data  to  be  archived,  and  the  financial  ramifications  of  not 
archiving  the  appropriate  data  the  right  way. 

RESULTS 

By  creating  separate  backup  and  archival  processes  that  work  in 
tandem,  CIOs  can  maximize  their  success  with  both  mecha¬ 
nisms.  Transactional  or  changing  data  will  continue  to  be  pro¬ 
tected  through  backup  technology,  but  the  process  will  be 
streamlined  as  non-transactional  data  shifts  to  archival. 

“Many  people  think  that  if  you  introduce  archiving  you  have 
to  change  everything,  but  the  reality  is  that  you  don’t — archiving 
augments  the  backup  process  by  archiving  old  data  first.  Then 
companies  back  up  only  what’s  most  recently  changed,”  says 
Babineau.  Optimally,  the  archive  system  becomes  another  object 
in  the  backup  process,  and  archived  data  is  backed  up  as  new  data 
is  added.  “The  only  thing  that  archival  does  to  backup  processes 
is  to  add  another  system  target  to  be  backed  up  infrequently,”  he 
says.  Meanwhile,  companies  can  take  advantage  of  archiving 
technology’s  classification  and  retrieval  capabilities  to  ensure 
legal  and  regulatory  compliance. 

By  separating  the  two  processes  and  building  a  strategy  that 
emphasizes  the  strengths  of  each,  CIOs  can  best  support  the 
changing  business  world  around  them.  “As  business  operations 
respond  to  change,  the  influences  driving  information  manage¬ 
ment  have  also  altered,”  says  Babineau.  “Building  an  integrated 
backup  and  archival  strategy  lets  CIOs  support  and  meet  these 
new  challenges.”  • 


WHAT  SHOULD  BE  ARCHIVED? 

In  general,  information  that  is  not  going  to  change,  but  must 
be  retained  for  legal,  general  business,  or  regulatory  purposes. 
Next,  “Take  what  you  have  to  archive  and  identify  the  sources 
of  information  that  create  that  type  of  information,”  says 
Babineau.  E-mail,  which  contains  a  vital  record  of  much 
ongoing  business,  is  the  most  popular  archival  candidate,  but 
databases  and  application  files  are  also  good  sources.  “A  lot  of 
data  in  databases  is  not  going  to  change— it’s  write  once  and 


▲  IRON  MOUNTAIN* 

For  more  information  on  how  to  implement 
complete  data  protection  strategy,  go  to: 
www.ironmountain.com/archiving 

©  2006  Iron  Mountain  Incorporated.  All  rights  reserved.  Iron  Mountain 
and  the  design  of  the  mountain  are  registered  trademarks  of  Iron  Mountain 
Incorporated.  All  other  trademarks  and  registered  trademarks  are  the 
property  of  their  respective  owners. 


2 


US-MV-AD-905-06-001 


2006  ANNUAL  AWARD  WINNERS 


The  2006  CIO  100  honorees  were 
selected  for  achieving  important 
business  goals  through  the  innovative 
use  of  IT.  Innovation  was  a  continous 
topic  at  the  CIO  100  sympsoim,  where 
the  CIO  100  received  their  award. 

The  following  supporting  companies 
continue  the  conversation  online  with 
the  CIO  100  podcast  series  exploring 
the  topic  of  innovation. 


Tune  in  at: 

www.cio.com/podcasts/ 

innovationpodcasts.html 


amdb  Apani 

Smarter  Choice 


Legendary  Reliability* 


at&t 


EMC2 

where  information  lives* 


FUJITSU 


orange" 


Business  perotsystems  prim  aver  a 

Services 


SIEMENS 


$ 


sterling 

commerce 


An  AT&T  Company 


Sybase 


CIO  100  is  Presented  by 


Business 

Technology 

Leadership 


2006  CIO  100  Honorees 
A.  Duie  Pyle 
Advanced  Health  Media 
Aflac 

Afloat  Training  Group 
AIG  Domestic  Brokerage  Group 
Air  Force  Reserve  Command,  H.Q. 
Alere  Medical 
APL  Logistics 
Applera 
Atmos  Energy 
Austin  Energy 
Ball  State  University 
Baptist  Health  South  Florida 
Berlin  Packaging 
Broward  County  Office  of 
Information  Technology 
BT  Group 

Capital  One  Financial 
Case  Western  Reserve  University 
CompuCredit 
ConocoPhillips  Refining 
and  Marketing 
Con-Way 

Cooper  Communities 
CSX  Technology 
Defense  Logistics  Agency 
Dell 

Deutsche  Bank  Securities 
Discover  Financial  Services 
Drexel  University 
Dunham  and  Smith  Agencies 
E*TRADE  Financial 
Echostar  Satellite 
Fairfax  County  Public  Schools 
Federal  Financial  Institutions 
Examination  Council 
FedEx  Ground  Package  System 
Foley  &  Lardner 
General  Motors 

Goodwill  Industries  International 
The  Goodyear  Tire  &  Rubber  Co. 
Great  American  Financial  Resources 
Harrahs  Entertainment 
Hess 

Highmark 

Hitachi  Global  Storage  Technologies 

Hygeia 

ING  Group 

Intel 

International  Truck  and  Engine 
Intrax  Cultural  Exchnage 
Iowa  Department  of  Administrative 
Services 
JEA 

King  County 


KnowledgeBase  Marketing 
Lance  Armstrong  Foundation 
Lifespan 
Litle  &  Co. 

Lord,  Abbett  &  Co. 

Marriott  International 
MediSend  International 
MoneyGram  International 
Monsanto 

Nanyang  Polytechnic 
Network  Services  Co. 

Nexsen  Pruet  Adams  Kleemeier 
Nielsen  Media  Research 
NOAA  Undersea  Research  Center 
Northrop  Grumman 
Oakland  County  Michigan 
Ochsner  Clinic  Foundation 
The  Ohio  State  University  Medical 
Center 

Oregon  State  University 
Panasonic  Automotive  Systems 
Co.  of  America 
Partners  Healthcare 
Pfizer 

Pierce  County 
Pitt  County 

PNC  Financial  Services  Group 
The  Procter  &  Gamble  Co. 
Quicken  Loans 
Royal  Bank  of  Canada 
Russell  Investment  Group 
Sarasota  County  Government 
Shell  Vacations 
SIRVA 

Society  of  Worldwide  Interbank 
Financial  Telecommunication 
Southern  Co. 

SRL  Ranbaxy 
Taleo 

Trico  Products 
United  Parcel  Service 
United  States  Marine  Corps 
Systems  Command 
University  of  Chicago  Hospitals 
University  of  Missouri  -  Rolla 
University  of  Rochester 
The  University  of  Texas  M.  D. 
Anderson  Cancer  Center 

Vanguard 

Wake  Forest  University 
Washington  Metropolitan  Area 
Transit  Authority 
Washtenaw  County 
Wells  Fargo  Wholesale  Internet 
&  Treasury  Solutions 

YRC  Worldwide 


Location,  Location,  Location... 


It's  fundamental  to  your  business.  Are  you  leveraging  your  location  data? 

Customer  addresses,  time  zones,  office  facilities,  service  areas,  political  boundaries,  critical  shipments, 
utility  networks,  field-workers,  real  estate,  mobile  assets,  and  warehouses — location  is  mission  critical 
in  every  organization. 

By  leveraging  the  location  information  that  is  inherent  in  your  information  systems,  you  can  manage 
your  organization  more  efficiently  and  cost-effectively,  helping  you  gain  a  competitive  advantage. 

ESRI  technology  is  a  standards-based,  scalable,  and  interoperable  platform  that  can  exploit  location 
data  in  your  business  processes.  With  ESRI  geographic  information  system  (GIS)  technology,  you  can 
make  location  information  and  analysis  available  to  the  people  in  your  organization — at  all  levels — 
who  need  it  most. 


To  learn  more  about  leveraging  your  location  data,  please 
visit  www.esri.com/it  or  call  1-888-373-1192. 

You  have  the  location  information;  put  it  to  work  for  you. 


ESRI 


Copyright  ©  2005  ESRI  All  rights  reserved  The  ESRI  globe  logo,  ESRI,  ArcMap.  www.esri.com,  and  Ardnfo  are  trademarks,  registered  trademarks,  or  service  marks  of  ESRI  in  the  United  States,  the  European  Community,  or  certain  other  jurisdictions. 


ESSENTIAL 


FROM  INCEPTION  TO  IMPLEMENTATION  — I. T.  THAT  MATTERS 


Streaming  video 
dips  are  invading 
your  network.  Get 
a  grip  now  or  deal 
witnthe  pain  later. 


Video  Bellyaches 

BY  LAURIANNE  MCLAUGHLIN 

VIDEO  |  Every  single  day,  according  to  Web  phenom  YouTube,  people  watch  more  than 
1  million  streamed  video  clips  on  the  site. 

Do  you  know  how  many  your  employees  watch?  You  should.  The  soaring  popularity 
of  Web  video  can  expose  your  company  to  bandwidth  problems  and  other  trouble  if  you 
don’t  manage  it  wisely. 

More  video— both  recreational  and  business-related— now  eats  up  your  network’s 
bandwidth  than  ever  before  thanks  to  several  converging  trends.  In  addition  to  YouTube, 
a  growing  pool  of  video  on  news  and  sports  sites  like  CNN  and  ESPN  tempts  employees  to 
dive  in  at  work.  Advertising  companies  push  clever  viral  video  clips  to  promote  products 
from  sports  drinks  to  movies.  Low-cost  video  cameras  and  editing  software  encourage 
people  to  produce  family  vacation  blockbusters  and  share  them  online  with  friends  and 
colleagues.  On  a  different  (and  more  legitimate)  note,  companies  increasingly  use  video 
for  employee  training.  (Video  training  costs  less  than  in-person  training,  especially  for 
companies  with  multiple,  far-flung  offices,  and  can  help  verticals  such  as  the  food  services 
industry  satisfy  regulatory  training  requirements.)  And  as  companies  offer  more  and 
more  video  on  customer-oriented  websites,  their  own  employees  must  review  that  video 


ILLUSTRATION  BY  ANASTASIA  VASILAKIS 


www.cio.com  |  OCTOBER  15,  2006  27 


esseniial  technology 


over  the  WAN. 

The  problem  is  this:  Your  enterprise 
network  is  a  pipe  that  has  just  so  much 
bandwidth,  and  if  streamed  video  con¬ 
sumes  too  much  of  that  pipe  at  once, 
applications  run  slowly  and  documents 
take  a  long  time  to  open.  These  situa¬ 
tions,  of  course,  can  prevent  critical  busi¬ 
ness  from  getting  done  expeditiously  and 
prompt  the  dreaded  question:  What’s 
going  on  with  the  network?  IT  needs  to 
get  a  handle  on  video  before  it  degrades 
the  enterprise’s  ability  to  conduct  its  busi¬ 
ness.  Yet  industry  research  shows  many 


Stock  Car  Auto  Racing  (Nascar).  “We  post 
a  lot  of  video  clips  on  the  Intranet.” 

As  Nascar.com  and  its  partners  deliver 
ever  more  race  highlights  and  driver  inter¬ 
views  to  fans,  Worling’s  employees  must 
review  them,  which  means  they  work 
with  more  video  every  day  over  the  net¬ 
work.  And  all  that  video  traffic  must  com¬ 
pete  with  the  other  apps  on  the  WAN  for 
bandwidth.  Consequently,  “We’re  seeing 
those  pipes  get  more  congested,”  Worling 
says.  His  peers  in  industries  like  travel 
and  entertainment  see  a  similar  situa¬ 
tion  developing  as  their  companies  offer 


“Two  years  ago,  we  weren’t  doing 
what  we’re  doing  now  with  video. 
The  pipes  a  re  getting  congested.” 

-Steve  Worling,  Nascar  manager  of  IT  infrastructure 


CIOs  have  not  done  the  baseline  analysis 
to  understand  how  much  of  the  overall 
pipe  is  being  taken  up  by  video,  business 
apps,  regular  Web  browsing  and  other 
sneaky  bandwidth-eaters  like  Skype. 

Flatly  ordering  employees  not  to  watch 
streamed  sports  coverage  while  at  work 
may  or  may  not  be  part  of  your  bandwidth 
management  plan;  that  depends  on  lots  of 
factors  including  your  corporate  culture. 
But  now’s  the  time  to  explore  strategies 
and  tools  to  better  manage  video. 

Nobody  Wants  a  Video  Clog 

As  a  CIO,  maybe  you’re  tempted  to  say, 
“There’s  an  easy  answer  to  video  pollution. 
From  now  on,  there  won’t  be  any  stream¬ 
ing  video  on  my  network.  End  of  problem.” 
But  at  a  growing  number  of  enterprises, 
it’s  impossible  to  deny  employees  access 
to  video.  They  need  it  to  do  their  jobs.  And 
once  your  company  starts  working  with 
video,  you  may  be  surprised  how  quickly 
the  amount  of  it  grows,  CIOs  say. 

“Two  years  ago,  we  weren’t  doing  one- 
third  of  what  we’re  doing  now  with  video,” 
says  Steve  Worling,  manager  of  IT  infra¬ 
structure  for  the  National  Association  for 


up  more  video  to  consumers,  and  their 
employees  spend  more  time  working  with 
that  video  over  the  WAN. 

At  Nascar,  Worling’s  bandwidth  woes 
are  compounded  by  the  fact  that  in  cer¬ 
tain  departments  like  legal,  users  send 
a  lot  of  large  documents  between  offices 
on  the  WAN,  taking  up  another  big  slice 
of  the  pipe.  One  result:  Those  users  saw 
it  taking  longer  to  trade  and  open  those 
important  documents,  says  Worling.  So 
now  one  of  his  priorities  is  to  tackle  the 
bandwidth  problem. 

Analyze  This! 

As  an  IT  department  tackles  video,  it  faces 
several  options:  Block  streaming  video 
entirely,  set  defined  limits  or  use  a  “dim¬ 
mer  switch”  approach  to  ensure  that  criti¬ 
cal  apps  get  bandwidth  first.  To  make  sure 
employees  understand  the  rules  about 
video  use,  you’ll  want  to  update  your 
company’s  Internet  use  policy.  (For  advice 
on  how  to  do  this,  see  “Your  Internet  Use 
Policy,”  this  page.)  You  may  also  need  net¬ 
work  appliances  to  help  manage  video,  or 
a  bigger  Internet  pipe.  But  the  first  item  on 
your  to-do  list  must  be  analysis. 


Your  Internet 
Use  Policy 


Employees  need  to 
understand  the  rules 

HOW  CAN  YOU  construct  a  solid 
policy?  Here  are  some  key  tips: 

1.  Get  HR  involved.  IT  should  list  the 
technologies  to  be  mentioned  in  the 
policy,  and  HR  should  ensure  the 
rules  are  explained  in  layman's  terms, 
says  Jennifer  Berman,  a  managing 
director  with  CBIZ  Human  Capital 
Services,  a  business  services  firm. 

2.  Be  dear  and  specific.  “Use  real 
examples  of  what’s  permissible,”  Ber¬ 
man  says.  Address  online  shopping, 
sports  scores,  streaming  video.  The 
more  specific,  the  better,  she  says. 
The  policy  templates  she  provides 

to  clients  increasingly  mention  new 
technology  such  as  video,  social 
networking  and  IM. 

3.  Understand  that  video  can  fuel 
hostile  workspace  claims.  There 
are  “inappropriate  videos”  on  sites 
such  as  YouTube,  says  Scott  Fisher, 
an  attorney  at  law  firm  Fowler  White 
Boggs  Banker,  that  could  lead  to  dis¬ 
crimination,  harassment  and  hostile 
workplace  suits  filed  against  compa¬ 
nies  that  have  allowed  those  videos  to 
come  into  the  enterprise. 

4.  Make  avenues  for  complaints 
clear.  Employees  must  understand 
how  to  report  violations,  Fisher  says. 
And  managers  need  training  on  how 
to  deal  with  violators,  says  Berman. 

5.  Review  policies  at  least  yearly. 

“There’s  so  much  in  this  arena  that 
takes  place  in  a  year.  You  want  to 
make  sure  your  policy  covers  a  new 
situation  or  device,”  Fisher  says. 

-L.M. 


28  OCTOBER  15,  2006  |  www.cio.com 


V*  v.-r  t; 

1  '  *•  A  .  . 


:  •  ;■  -  ■  Vv 

V  ■'••••  •  M' 


Keeping  up  with  new  customers. 


Kimberly-Clark  Corporation  is  home  to  some  of  the  world’s  most  trusted 
brands— like  HUGGIES  and  KLEENEX.’  With  operations  in  43  countries, 
the  company  needed  to  simplify  its  operations.  HP  Services  implemented 
a  standardized  IT  environment  running  on  HP  Integrity  servers  that  helped 
streamline  the  move  into  new  markets  and  speed  the  integration  of  disparate 
technology  into  their  operations. Today,  Kimberly-Clark  enjoys  a  41%  lower 
TCO  of  IT,  and  is  able  to  stay  ahead  of  its  customers. 


.  .  »  v  •> 


essential  technology 


Take  a  close  look  at  what’s  lurking  on 
the  WAN.  Companies  already  use  Web 
filtering  technology  to  block  offensive 
sites  and  monitor  employee  surfing, 
but  it’s  surprising  how  few  have  taken  a 
cold  hard  look  at  bandwidth  utilization 
on  the  WAN  down  to  the  level  of  specific 
apps  and  sites,  says  Forrester  Research 
Senior  Analyst  Robert  Whiteley.  You 
need  to  understand  which  applications 
take  what  percentage  of  your  overall 
bandwidth  pipe,  Whiteley  says. 

For  instance,  you  want  to  know  if 
employee  visits  to  YouTube  are  taking 
10  percent  of  that  overall  pipe,  because 
you  might  need  to  make  that  bandwidth 
available  for  business  apps— say  the  new 
Web  apps  you’re  rolling  out  as  part  of 
your  SOA  strategy. 

“It’s  amazing  how  little  quality-of-ser- 
vice  research  is  done,”  Whiteley  says,  to 
ensure  that  the  apps  that  are  most  impor¬ 
tant  to  the  business  get  the  necessary 
amount  of  bandwidth  to  keep  them  hum¬ 
ming.  Just  11  percent  to  13  percent  of  IT 
organizations  analyze  bandwidth  usage 
down  to  the  detail  of  individual  applica¬ 
tions,  according  to  Forrester. 

Companies  such  as  Cisco,  Expand 
and  Racketeer  have  long  offered  band¬ 


width  management  products,  such  as 
Cisco’s  WAN  optimization  hardware 
and  software  solutions,  which  can  help 
you  monitor  and  manage  bandwidth 
allocation.  But  now  they  are  addressing 
the  video  trend.  Cisco  offers  software 
that  gets  added  to  its  WAE  appliances 
or  its  widely  deployed  Integrated  Ser¬ 
vices  Routers  to  specifically  manage 
bandwidth  problems  related  to  video. 
The  software,  according  to  Cisco,  will 
compress  and  cache  the  video  (so  it 
doesn’t  travel  repeatedly  over  the  WAN) 
and  eliminate  unnecessary  “chattiness” 


between  apps  and  video  (like  instruc¬ 
tions  and  status  updates). 

Tool  Talk 

A  new  breed  of  appliances  from  compa¬ 
nies  such  as  Blue  Coat  offer  caching  and 
compression,  plus  the  ability  to  ensure 
oversight  of  all  video  traffic  and  then 
simplify  that  oversight.  These  boxes, 
which  usually  live  at  the  Internet  gate¬ 
way  on  the  network,  offer  a  wide  variety 
of  rules  and  policies  that  can  be  applied 
and  managed.  Blue  Coat’s  SG  appli¬ 
ances  give  you  the  option  of  blocking  all 
streaming  video,  video  from  specific  sites 
or  just  from  parts  of  sites.  (For  instance, 
you  might  allow  CNNMoney  but  not 
CNNSI.)  Or  you  can  choose  to  block  all 
streaming  sites  except  a  specific  group 
during  business  hours. 

Then  there’s  the  dimmer  switch 
approach:  letting  streaming  video  take 
only  a  certain  percentage  of  your  overall 
bandwidth— after  that,  users  will  have  to 
live  with  slower  video. 

In  the  future,  says  Joe  Skorupa,  a  Gart¬ 
ner  research  VP,  CIOs  can  expect  to  see 
more  multifunction  WAN  appliances  that 
will  handle  caching,  compression,  appli¬ 
cation  performance  monitoring,  block¬ 


ing,  security  and  maybe  VPN  tasks. 

Another  reason  to  consider  an  appli¬ 
ance  is  if  your  company  has  centralized 
servers  to  simplify  Sarbanes-Oxley  com¬ 
pliance  by  putting  all  backup  data  in 
one  location.  In  that  case  your  users  are 
now  sending  more  and  more  data  over 
the  WAN  rather  than  grabbing  it  from  a 
local  server.  This  can  cause  documents 
or  apps  to  slow  down. 

Nascar’s  Worling,  who  experienced 
just  this  problem,  is  adding  bandwidth 
optimization  appliances  from  Juniper  to 
Nascar’s  network  (Juniper’s  WXC  500 


19% 

of  Americans 
— about  47M 
oeople— 
nave  viewed 
Internet  video 
in  the  past 
month;  12% 
have  done  so 
in  the  past 
week. 

SOURCE:  Arbitron/Edison  Media  Research 


and  WXC  250  models).  But  that  change 
alone  won’t  be  enough  to  address  Nas¬ 
car’s  needs.  If  you  have  a  large  amount  of 
business-related  video  traffic,  an  appli¬ 
ance  will  often  help,  but  you  may  also 
need  to  upgrade  your  Internet  pipes. 

Time  for  a  Bigger  Pipe? 

In  some  cases,  setting  rules  with  users  and 
implementing  network  appliances  will  give 
you  adequate  control  over  the  video  situa¬ 
tion.  But  for  companies  with  heavy  video 
consumers,  you  may  also  decide  you  need 
a  better  Internet  connection. 

Nascar  came  to  this  conclusion  and 
recently  installed  a  20Mb  Internet  con¬ 
nection,  replacing  a  3Mb  T1  in  its  Day¬ 
tona  office  at  about  the  same  monthly  cost. 
(Nascar’s  provider,  Brighthouse,  brings 
fiber  right  to  the  building  and  offers  com¬ 
petitive  rates.)  Nascar  currently  has  a  5Mb 
connection  in  its  Concord,  N.C.,  office  and 
is  looking  for  alternatives  to  T1  for  its 
other  offices  in  Charlotte,  N.C.,  New  York 
City  and  Los  Angeles. 

Later  this  year,  Worling  will  also  deploy 


Hackers  are  writing  spyware  and 
virus  code  to  work  with  IM,  VoIP 
and  software  used  to  view  video. 


30  OCTOBER  15,  2006  |  www.cio.com 


V  ...  '  1  . 


80"  '  OF  APPLICATIONS 

ARE  DEPLOYED  UNTESTED. 

lOO^OF  CUSTOMERS 

REALLY 

HATE  THAT 


Bad  applications  are  bad  business.  Because  to 
your  customers,  applications  are  not  just  code. 
Applications  are  the  company.  And  if  it  isn’t  right, 
the  whole  company  gets  blamed. 

Now  more  than  ever  you  need  to  invest  in  automated 
software  quality  testing  and  management  solutions 
from  the  leader,  Mercury.  Mercury’s  software 
optimizes  applications  in  a  broad  range  of 
environments.  Web-based  dashboards  give  I.T. 
execs  and  global  project  teams  visibility  into  status 
and  progress  of  quality  efforts.  Your  Quality 


Assurance  team  can  even  test  applications  before 
they’re  finished,  to  help  ensure  timely  release 
schedules,  the  highest  levels  of  quality,  and  lower 
development  costs. 

Delivering  high  quality,  high  performance  applications 
is  a  critical  way  to  optimize  the  business  outcomes 
of  I.T.  And,  your  customers  will  love  you  for  it. 


MERCURY 

BUSINESS  TECHNOLOGY  OPTIMIZATION 

Visit  www.mercury.com/qa/cio  or  just  call  866.379. 


essential  technology 


multiprotocol  label  switching  (MPLS)  net¬ 
work  infrastructure  to  tie  offices  together 
with  1.54Mbps  data  connections. 

“[MPLS]  will  allow  all  the  offices  to  talk 
to  each  other  without  routing  through 
one  central  point  like  the  Daytona  office,” 
Worling  says.  “We  currently  share  point- 
to-point  Tls  that  point  back  to  the  Day¬ 
tona  office  with  our  voice  applications.” 
With  the  MPLS  design,  data  from  branch 
offices  won’t  have  to  travel  back  and  forth 
to  Daytona  as  much,  which  improves  the 
WAN  bandwidth  picture. 

Still  not  convinced  you  need  to  change 
the  way  you  manage  video?  Well,  clogged 
pipes  and  lethargic  apps  are  not  the  only 
problems  the  video  explosion  is  intro¬ 
ducing  to  the  enterprise.  Does  the  word 
storage  get  your  attention?  How  about 
security ? 

Wait-.Jt  Gets  Worse 

As  companies  create  more  video,  IT  must 
store  it.  And  video  files  aren’t  small.  Wor¬ 
ling  must  store  a  growing  amount  of  video 
that  Nascar  uses  to  do  crash  analysis.  His 
storage  requirements  and  costs  are  rising, 
so  he  must  get  more  efficient.  “We  just 
bought  a  SAN  and  are  consolidating  some 
storage,”  Worling  says. 

At  Purdue  University,  Interim  VP  for 
Information  Technology  and  CIO  Gerry 
McCartney  says  it’s  hard  to  forecast  the 
video  clip  volume  on  the  network  in  the 
next  few  years,  and  this  complicates  his 
storage  planning. 

“We’re  seeing  an  increase  in  e-mail  stor¬ 
age,  and  we  attribute  part  of  that  to  videos 
sent  via  e-mail,”  he  says.  Purdue  students 
currently  get  a  storage  limit  of  500MB 
(after  that  they  must  clean  out  their  mail¬ 
boxes),  but  the  college  may  increase  that 
limit  to  1GB,  partly  due  to  the  video  factor. 


The  Tech  You  Crave 


Looking  for  the  LATEST  INFO  ON  ENTER¬ 
PRISE  TECHNOLOGY?  Get  case  studies, 
tutorials,  blogs  and  more  at  CIO's  Technol¬ 
ogy  Resource  Center.  Find  it  at  www.cio. 
com/technology 

cio.com 


he  says.  That  means  Purdue’s  e-mail  serv¬ 
ers  require  more  storage. 

The  university  is  also  having  to 
increase  storage  due  to  video  training  that 
it’s  using  to  teach  employees  ERP  applica¬ 
tions,  McCartney  says. 

And  in  addition  to  storage,  security 
could  become  a  video-related  headache 
for  CIOs,  says  Forrester’s  Whiteley. 

Today’s  hackers  are  writing  small, 
nimble  pieces  of  spyware  and  virus  code 
that  they  can  quickly  modify  to  work 
with  various  types  of  programs,  includ¬ 
ing  IM,  VoIP  or  the  player  software  that 
people  use  to  view  video  clips,  Whiteley 
says.  Right  now,  the  risk  is  theoretical,  he 
says,  but  should  be  on  a  CIO’s  radar. 

In  one  of  the  first  examples  of  mali¬ 
cious  code  being  delivered  via  video  tools, 
antispyware  vendor  Webroot  reported 
in  August  that  it  located  a  Trojan  horse 
program  called  Zlob,  pretending  to  be  an 
update  to  Windows  Media  Player.  Users 
clicking  on  video  clips  were  asked  to 
download  the  update,  which  included  the 
Zlob  malware,  and  it  proceeded  to  seek 
out  other  malware  to  install  on  those  PCs, 
according  to  Webroot.  The  problem  with 
malware  like  this  is  you  typically  don’t 
know  what  the  intent  of  the  virus  writers 
is— to  install  “bot”  software  to  control  the 
PC,  to  look  for  data  on  your  network  or 
just  to  cause  mischief. 

Bottom  line:  CIOs  will  need  to  watch 
how  the  amount  of  video  on  the  network 
evolves  and  be  prepared  to  change  the 
rules  accordingly,  says  Matthew  Misze- 
wski,  CIO  of  Wisconsin.  “Our  normal  Web 
filter  blocks  inappropriate  traffic,”  he  says, 
but  he  hasn’t  had  to  make  a  move  like  for¬ 
bidding  ESPN  during  business  hours  for 
bandwidth  reasons.  “We’ve  thought  about 
it,”  he  says.  “But  I  don’t  think  it  would  be 
a  popular  move.  If  it  gets  out  of  hand,  we 
have  the  ability  to  lock  it  down.” 

Do  you?  QQ 


Technology  Editor  Laurianne  McLaughlin  can 
be  reached  at  lmclaughlin@cio.com.  To  com¬ 
ment  on  this  article,  go  to  the  online  version  at 
www.cio.com/101506. 


Video  Tools 

Appliances  to  enforce  rules 
and  manage  bandwidth 

IF  THE  HEAVY  USE  of  streaming 
video,  Web  apps,  or  large  documents 
are  clogging  your  WAN  pipe  and 
degrading  application  performance, 
network  appliances  can  help  you 
manage  the  situation.  Traditional 
bandwidth  allocation  appliances  help 
ensure  that  critical  applications  get 
bandwidth  priority.  Newer  appliances 
offer  rules  you  can  set  for  video. 

Juniper  WXC  500  and  250:  These 
bandwidth  allocation  devices  can 
help  an  enterprise  deal  with  video 
and  applications  that  are  taxing  WAN 
bandwidth.  With  40GB  to  3-terabyte 
hard  drives,  they  also  store  pieces  of 
frequently  revised  large  files  so  that 
only  the  changes  travel  over  the  WAN. 

Cisco  WAE  appliances:  These  WAE 
modules  and  appliances  are  part  of 
Cisco's  WAN  optimization  solution 
that  monitors  and  manages  how 
bandwidth  is  used  by  different  appli¬ 
cations  and  video.  Cisco  Application 
and  Content  Networking  System  soft¬ 
ware  for  these  appliances  and  add-on 
modules  for  Cisco  Integrated  Ser¬ 
vices  Routers  will  add  functionality 
specifically  for  video,  including  com¬ 
pression,  caching  and  other  tricks  to 
reduce  the  flow  of  video-related  data 
over  the  WAN. 

Blue  Coat  SG  appliances:  Can  make 
video  rules  easy  to  apply,  based  on 
your  preferences.  For  example,  you 
may  want  to  block  specific  sites  or 
parts  of  sites,  at  specific  times,  or  sim¬ 
ply  slow  down  streaming  video  when 
the  WAN  pipe  becomes  clogged.  Uses 
caching,  compression  and  intelligent 
handling  of  the  video  stream  to  reduce 
the  amount  of  video-related  traffic  on 
the  WAN.  -L.M. 


32  OCTOBER  15,  2006  |  www.cio.com 


The  cost 
of  getti  ng 

bigger 
just  got 
smaller. 


You  need  more  storage.  You  don't  need  more  fees  or  systems  to 
manage.  The  Pillar  Axiom™  storage  system  lets  you  add  performance 
and  capacity  over  300  TB  per  system,  without  multiple  software 
license  fees.  It  empowers  you  to  manage  data  on  multiple  tiers, 
whether  in  SAN,  NAS  or  both,  through  one  simple  user  interface. 
Because  Pillar  delivers  top-tier  performance  and  capacity,  often  for 
less  than  what  many  companies  pay  just  to  maintain  and  operate 
their  storage  systems,  it  can  really  improve  your  bottom  line. 

To  hear  about  our  new  approach  to  managing  data  storage,  you 
owe  it  to  yourself  to  schedule  a  half-hour  briefing. 

Cali  1-877-252-3706  orvisitwww.pillardata.com/smaller 


Learn  the  truth  about  networked  storage. 


©  2006  Pillar  Data  Systems  Inc.  All  rights  reserved.  Pillar  Data  Systems,  Pillar  Axiom, 
and  the  Pillar  logo  are  all  trademarks  of  Pillar  Data  Systems. 


TOTAL  LEADERSHIP 


Mike  Hugos 


Howto  Get  Inspired 

Leading  innovation  requires  creativity.  That  means  you  have  to  think  like  an  artist. 


As  leaders,  we  are  charged  with  marshaling  the 
innovative  energy  in  our  organizations.  And  we 
work  hard  at  it.  It’s  too  bad  innovation  doesn’t  hap¬ 
pen  from  hard  work  alone;  if  it  did,  we’d  have  all 

we  need. 

But  innovation  calls  for  more  than  diligence.  At  the  center 
of  every  innovation  there  is  the  proverbial  “Aha”  moment,  that 
moment  of  inspiration  when  you  see  something  about  a  par¬ 
ticular  problem  that  you  haven’t  seen  before.  I  have  learned 
about  this  moment  of  inspiration  from  watching  my  wife,  who 
is  a  dancer  and  choreographer,  go  through  the  process  of  look¬ 
ing  for  inspiration.  Sometimes  it  seems  to  come  out  of  nowhere; 
sometimes  from  a  piece  of  music;  and  sometimes,  to  my  sur¬ 
prise,  from  something  I  say  or  do. 

Getting  inspiration,  then  crafting  it  into  a  stage  production, 
is  what  a  performing  artist  does.  Getting  inspiration  and  craft¬ 
ing  it  into  an  IT  system  is  what  a  CIO  does.  Perhaps  no  one 
would  call  us  artists,  but  in  order  to  foster  innovation,  we  CIOs 
need  to  learn  from  artists. 

How  Artists  Work 

When  seeking  innovation  we  typically  ask,  How  do  we  get 
ideas?  But  that’s  the  wrong  question.  I  don’t  think  we  get 
ideas;  I  think  the  ideas  get  us.  Artists  routinely  say  their  best 
ideas  seem  to  come  from  outside  of  themselves;  what  they  do 
is  give  form  to  those  ideas  through  whatever  medium  they 
are  working  in,  be  it  painting,  sculpture,  dance,  music,  film 
or  literature. 

The  better  question  to  ask  is,  How  do  we  put  ourselves  in  a 
frame  of  mind  where  we  can  receive  inspiration  when  it  comes 


34  OCTOBER  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  MARTHA  RICH 


- 


NEC  IP  Telephony  UNIVERGE  * 


How  do  you  anticipate  the  needs 
of  a  single  guest  when  you  have 
20,000  of  them? 


NEC’s  integrated  IP  solutions  enable  the  complex  systems  of 
large  hotels  to  react  to  customers’  needs  like  small  boutique 
hotels,  providing  an  unexpected  level  of  personalized  guest 
service.  Utilizing  over  a  century  of  communications  experience, 
NEC  combines  advanced  computing  and  networking  technolo¬ 
gies  in  an  innovative  platform  that  offers  guest  service  solutions 
that  would  satisfy  the  most  discerning  traveler.  It’s  one  more 
way  NEC  empowers  people  through  innovation. 


*—  www.necus.com/necip 


IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


©NEC  Corporation  2006.  NEC  and  the  NEC  logo  are  registered  trademarks  of 
NEC  Corporation.  Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 


Empowered  by  Innovation 


NEC 


I 


Mike  Hugos  f  TOTAL  leadership 


to  us?  Artists  have  been  wrestling  with  this  question  for  mil¬ 
lennia.  Here  are  some  things  I  see  artists  do  when  they  work: 
•  They  immerse  themselves  in  their  subjects.  Actors 
immerse  themselves  in  the  personalities  and  histories  of 
their  characters,  painters  do  sketch  after  sketch  of  an  image, 
and  musicians  experiment  with  many  different  sequences 
of  notes  and  tempos. 

■  They  collaborate.  Many  forms  of  art  require  effective  col¬ 
laboration  between  groups  of  people  with 
complementary  skills.  My  wife  works 
closely  with  the  dancers  in  her  company, 
lighting  designers,  costume  designers 
and  musicians.  She  combines  their  dif¬ 
ferent  ideas  to  give  form  to  her  dance. 

■  They  play  with  different  ideas.  They 
don’t  dismiss  an  idea  just  because  it 
seems  strange  at  first.  My  wife  and  her  collaborators  try  out 
different  combinations  of  movement,  light,  costumes  and 
music  to  see  what  happens. 

Inspiration  occurs  when  a  certain  combination  of  ideas  sud¬ 
denly  reveals  a  simple  underlying  pattern  that  ties  the  work 
together  and  expresses  what  the  artistic  work  is  about.  Art¬ 
ists  say  they  know  the  inspiration  is  authentic  if  they  have  an 
intellectual,  emotional  and  physical  response  to  it.  Once  that 
happens,  there’s  a  flurry  of  activity  as  people  flesh  out  their 
inspiration  and  give  it  shape.  During  this  period,  artists  work 
long  hours;  they  become  single-minded  about  bringing  their 
ideas  into  tangible  form  and  presenting  them  to  the  world. 

And  once  a  big  project  is  finished  or  a  big  show  is  done,  art¬ 
ists  leave  town.  Being  creative  is  emotionally  and  physically 
taxing.  Artists  feel  drained  after  they’ve  done  good  work.  They 
take  time  off  to  recharge. 

Finding  Your  Muse 

Extrapolating  from  my  experience  with  artists,  I  see  four  basic 
skills  that  the  innovative  CIO  needs  to  cultivate  in  order  to 
excel  at  innovation: 

1.  Immerse  yourself  in  the  business.  It  almost  goes  with¬ 
out  saying  that  you  should  have  a  good  grasp  of  the  concepts 
and  rules  that  guide  the  business  operations  of  your  company. 
This  means  a  good  working  understanding  of  how  each  busi¬ 
ness  activity  fits  into  the  overall  business,  how  the  work  in 
each  activity  is  performed,  and  what  the  cost  and  profit  fac¬ 
tors  are. 

2.  Collaborate  frequently.  CIOs  need  to  innovate  in  the 
face  of  high  levels  of  complexity  in  both  business  processes 


More  About  Creativity 


Mike  Hugos  blogs  about  getting 
inspired  in  DOING  BUSINESS  IN 
REAL-TIME  at  blogs.cio.com 

cio.com 


The  innovative  CIO  orchestrates  this  process. 

3.  Tolerate  uncertainty.  It  is  an  act  of  discipline  and 
sometimes  of  courage  to  immerse  oneself  in  the  details  of  a 
problem  and  resist  the  temptation  to  rush  to  judgment  about 
what  should  be  done.  Because  of  the  complexity  inherent  in 
most  business  problems,  it  is  unlikely  that  the  first  few  ideas 
to  come  along  will  be  truly  innovative.  Don’t  dismiss  ideas 
just  because  they  defy  preconceived  notions,  and  don’t  give 


in  to  pressure  to  start  building  something  before  you  get  the 
inspiration  you  need. 

4.  Look  for  simple  patterns.  As  you  investigate  ideas 
and  combine  them  in  different  ways  to  create  system  designs, 
look  for  designs  where  all  the  elements  fit  together  in  a  simple, 
logical  and  complementary  fashion.  Remember  that  complex 
system  designs  usually  signify  that  solutions  have  not  been 
completely  explored.  When  you  find  a  simple  combination 
of  workflow  processes  and  technology  that  can  satisfy  a  wide 
variety  of  business  requirements,  then  you  have  an  innova¬ 
tive  design. 

Simplicity  is  important  to  artists  because  audiences  can 
understand  simple  patterns  of  expression  more  easily,  and  so 
these  are  an  effective  way  to  communicate  ideas.  Simplicity  in 
system  design  works  well  for  a  CIO  because  system  designs 
that  are  uncomplicated  are  more  likely  to  be  built  successfully 
and  more  likely  to  perform  as  expected. 

As  you  and  your  team  develop  these  four  skills,  you  will  see 
a  remarkable  increase  in  the  innovation  that  happens  in  your 
organization.  We  CIOs  are  already  good  at  working  long  and 
hard  to  get  things  done.  When  we  combine  that  ability  with 
an  ability  to  discover  inspirational  ideas,  then  we  unleash  a 
powerful  process  for  giving  our  companies  the  tools  they  need 
to  compete  and  succeed. 

Finally,  remember  that  innovation  is  an  art  more  than  a 
science.  As  you  become  an  innovator,  you  become  an  artist. 
So  do  as  the  artists  do  when  you  finish  that  big  project— get 
out  of  town.  Don’t  bring  your  BlackBerry.  Have  fun.  All  work 
and  no  play  makes  a  dull  CIO,  and  no  dull  CIO  has  a  chance 
as  an  innovator.  QQ 


Michael  Hugos  is  a  partner  in  AgiLinks,  a  software 
company  specializing  in  agile  supply  chains.  He 
is  former  CIO  of  Network  Services  and  author  of 
Essentials  of  Supply  Chain  Management.  He  can  be 
reached  at  mhugos@yahoo.com. 


Simple  patterns  of  expression  are 
an  effective  way  to  communicate. 
System  designs  that  are  simple  are 
more  likely  to  be  built  successfully. 


and  technology.  Complexity 
can  be  handled  more  easily  if 
groups  of  people  from  IT  and 
business  units  work  together, 
bringing  their  complementary 
skills  to  bear  on  a  problem. 


36  OCTOBER  15,  2006  |  www.cio.com 


Oracle  Database 


s4 


.. he  World's  Most 

Powerful  Database 


ORACLE 

In  an  independent  survey  of  database  owners,  WinterCorp  found  the  following 
running  on  Oracle: 

World's  Largest  Commercial  Database:  100TB 

World's  Largest  Linux  Data  Warehouse 

World's  Largest  Linux  &  Unix  Transaction  Processing  Systems 

World's  Largest  Unix  Data  Warehouse 

9  of  the  10  Largest  Unix  Transaction  Processing  Systems 

WinterCorp  2005  TopJen  Program 


Oracle  Database— 

The  facts  speak  for  themselves. 


oracle.com 

or  call  1.800.0RACLE.1 


Copyright  ©  2005,  Oracle.  All  rights  reserved.  Oracle,  JD  Edwards  and  PeopleSoft  are  registered  trademarks  of  Oracle  Corporation  and/or  its  affiliates. 

Other  names  may  be  trademarks  of  their  respective  owners. 


Michael  Schrage 


IT'S 


ALL  ABOUT  THE  EXECUTION 


Digital  Subversives 

Are  employees  compromising  security  by  bringing  consumer  tech  into  the  enterprise? 
Perhaps,  but  if  you  use  too  heavy  a  hand  to  stop  them,  you’ll  be  fighting  a  losing  battle. 


Power  users”  can  be  demanding  pains  in  the  butt. 

And  tech- savvy  managers  may  be  relentless  thorns 
in  your  side.  But  the  employees  with  the  greatest 
potential  to  make  your  enterprise  life  a  seething 
hell  of  killer  viruses,  data  loss,  network  disruptions,  compro¬ 
mised  security  and  contempt  for  your  professional  competence 
are  the  “ordinary”  folks  who  think  their  technologies  belong  on 
your  network  (see  “Consumer  Appeal,”  Page  63). 

They  care  not  that  Skype  is  a  terrific  vector  for  viruses  or 
that  a  MySpace  account  will  prove  to  be  an  information  sieve 
or  that  making  the  company’s  uber-customized  “sales-force 
automation”  system  run  on  their  BlackBerrys  will  take  months  of 
programming. 

They  don’t  think  twice  about  using  1-gig  memory  sticks  to 
back  up  customer  data  and  then  losing  the  sticks  on  a  trip. 
Maybe,  in  the  interests  of  good  supplier  or  customer  relation¬ 
ships  they’ll  put  a  behind-the-firewall  link  on  del.icio.us  to  help 
answer  a  question  or  two— and  then  call  your  people  scream¬ 
ing  that  you’ve  made  them  look  bad  because  it’s  inaccessible. 

Employees  just  suck,  don’t  they?  It’s  bad  enough  that  they 
don’t  read  the  documentation,  follow  the  rules  or  make  even  a 
minimal  effort  to  get  the  most  they  can  out  of  internal  IT  sys¬ 
tems.  Now  they’re  bringing  every  consumer  electronics  gizmo 
they’ve  purchased,  website  they’ve  accessed  and  IM  account 
they’ve  set  up  into  the  enterprise,  and  they  expect  you  to  sup¬ 
port  them.  Just  what  do  they  think  they’re  doing? 

The  answer  to  that  question  is  the  reason  the  surging  chal¬ 
lenge  of  consumer  technologies  will  get  worse  before  it  gets 
better  and  why  the  problem  can— at  best— be  managed  and 
not  solved. 


38  OCTOBER  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  JIM  HAYNES 


integrity 


SurfControl 


Advanced  security  not  only  protects  your  network 

(It  does  wonders  for  your  confidence.) 


Now  ONE  PRICE  buys  a  license 
to  all  SurfControl  products 


SurfControl8  Enterprise  Protection  Suite 


Juniper  Networks  NetScreen  SSG-5 


Check  Point  Integrity  NGX1 


Covers  every  point  of  Internet  vulnerability — 
including  inbound  and  outbound  communication 
Blocks  employees  from  inappropriate  online 
content,  enables  managers  to  monitor  online 
activity,  and  prevents  users  from  downloading 
illegal  or  bandwidth-intensive  files 
Protects  e-mail  systems  against  viruses,  phishing, 
confidential  data  leakage  and  inappropriate  or 
time-consuming  spam 

Provides  serious  antispyware  protection,  while 
also  addressing  adware,  IM/P2P,  streaming 
audio/video  and  gaming  threats 


Offers  total  access  protection  for 
network  endpoints 

Protects  from  worms,  spyware  and  intrusion 
attempts  that  evade  other  security  products 
Delivers  Total  Access  Protection,  ensuring 
that  both  IT-managed  and  guest  PCs  are 
automatically  secured  before  they  are 
allowed  to  connect  to  the  enterprise  network 
Automatically  updates  antivirus  and  patches, 
terminates  malware,  removes  spyware, 
blocks  buffer  overflow  attacks  and  secures 
employee  use  of  instant  messaging  services 


7-port  1 0/1 00BASE-TX  network  security 
solution — one  Untrust  10/100  Ethernet 
port,  six  Trust  10/100  Ethernet  ports 
Offers  deep  inspection  firewall  and 
external  Web  filtering 
Dial  backup 

25  concurrent  VPN  tunnels 


□  Check  Point 

■  SOFTWARE  TECMNOLOGIESiTD 

We  Secure  the  Internet 


100 -user  suite  CDW  886048 


CDW 1036963 


The  Security  Solutions  You  Need  When  You  Need  Them. 

Today's  sophisticated  security  threats  go  way  beyond  what  antivirus  can  handle. 
That's  why  CDW  has  all  the  technology  you  need  for  full  network  gateway  protection. 
From  firewall  protection  to  antispyware  to  intrusion  detection  and  beyond,  we  have 
a  wide  variety  of  the  top  names  in  the  industry.  And  we  have  the  expertise  to  answer 
questions,  offer  advice  and  build  solutions  that  will  hold  up  to  the  worst  threats  out 
there.  So  call  today  and  get  the  total  protection  you  need. 


The  Right  Technology.  Right  Away. 

CDW.com  •  800.399.4CDW 


Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2006  CDW  Corporation. 


m  Michael  Schrage  f  IT'S  all  about  the  execution 


An  emerging  majority  of  employees  honestly  believe  that 
the  technology  they  use  outside  the  organization  is  superior  to 
the  technology  they  use  inside  the  enterprise.  They  feel  they’re 
getting  a  swifter  and  more  valuable  user  experience  interact¬ 
ing  with  eBay  than  with  your  supply  chain  software;  Google’s 
better  than  your  DBMS;  Skype  beats  your  phone  system;  and 
AOL  wins  because  you  don’t  allow  IM  or  “buddy  lists.” 

What’s  more,  the  savvier  employees  with  teenagers  look 
at  MySpace  and  Facebook  and  wonder  why  IT  isn’t  adapting 
those  kinds  of  social  networking  genres  for  project  manage¬ 
ment  and  hiring  systems.  They  wonder  why  they  get  better, 
faster,  cheaper  or  free  software  services  outside  the  firewall. 


They  think  you’re  too  slow,  cautious,  unmotivated.  They  think 
you  suck.  If  they  like  you,  they  simply  think  you’re  too  busy. 

So  that’s  their  excuse  for  bringing  external  technologies  and 
services  into  the  enterprise:  You  can’t  and/or  you  won’t. 

Further  complicating  this  dynamic  is  the  reality  that  most 
of  your  better  employees  now  take  their  work  home  and  on  the 
road.  Companies  have  (successfully)  used  IT  to  both  blur  and 
dissolve  the  lines  between  the  office  and  the  home.  Well,  two 
can  play  at  that  game.  Employees  once  dependent  on  enter¬ 
prise  software  to  finish  a  project  over  the  weekend  now  want 
to  be  able  to  integrate  software  and  services  from  websites  you 
might  not  like  or  trust.  Too  bad  for  you. 

Historically,  IT’s  response  to  technical  insubordination  is 
prohibition:  Employees  are  forbidden  from  using  Skype,  IM, 
personal  e-mail  accounts  and  so  on.  I  remember  that  in  the 
1980s,  more  than  a  few  Fortune  500  IT  shops  didn’t  allow  per¬ 
sonal  computers.  In  the  1990s,  corporate  IT  tried  to  stamp  out 
unauthorized  local  networks  that  various  workgroups  had  set 
up  for  themselves  because  IT  hadn’t  gotten  around  to  support¬ 
ing  them.  No  wonder  IT  got  a  reputation  as  “user  hostile.” 

Guess  what?  Last  millennium’s  authoritarian/totalitarian 
IT  enterprise  culture  approach  to  innovation  imports  can’t 
work.  Declaring  war  on  external  technologies  turns  your 
employees  into  innovation  insurgents  and  “Google  guerril¬ 
las.”  You  are  defining  them  as  enemies,  and  enemies  have  little 
interest  in  cooperation  and  collaboration.  No— they’re  inter¬ 
ested  in  figuring  out  workarounds  and  countermeasures. 

They’re  not  doing  this  out  of  spite;  they’re  doing  it  because 
using  these  tools  and  technologies  makes  their  work  lives 
easier,  better  and  more  productive.  Do  employees  occasion¬ 
ally  and,  yes,  inappropriately  use  these  sites  and  technologies 


for  personal  use— booking  travel,  buying  products,  send¬ 
ing  personal  messages?  Of  course.  Then  again,  they’re  also 
doing  work  at  home  and  during  personal  time  while  on  the 
road.  Does  IT  really  want  to  be  Big  Brother,  Supernanny  and 
Techno-enforcer  all  in  one?  As  the  CIO,  is  that  the  “employee 
empowerment”  brand  you  want  for  IT? 

Enormous  reservoirs  of  time,  money,  resources  and  hostil¬ 
ity  are  consumed  in  this  losing  battle  to  define  what  employ¬ 
ees  cannot  or  should  not  use.  Don’t  do  it.  People  will  use  IM 
whether  you  like  it  or  not.  People  will  use  their  cell  phones  to 
access  proprietary  databases.  The  core  concern  is  that  some  of 
these  behaviors  are  far  riskier  than  others.  IT’s  traditional  role 
of  identifying  such  risks  in  order  to  eliminate 
them  is  no  longer  sustainable— not  when  the 
quality  of  external  options  is  so  often  supe¬ 
rior  to  the  quality  of  internal  service. 

There  is  no  cost-effective  “solution”  to 
this  challenge;  there  is,  however,  a  construc¬ 
tive  approach.  Don’t  compete;  don’t  combat; 
co-opt.  Organize  advisory  groups  of  employ¬ 
ees  who  flout  your  rules  on  external  innova¬ 
tion  and  relentlessly  get  their  input  on  how  helpful  you  should 
be.  The  purpose  is  not  to  cater  to  their  whims  or  get  them  to 
like  you  better.  It’s  to  exchange  ideas  and  insights  around  risk. 
It  is  not  your  job  to  eliminate  risk;  it’s  your  job  to  manage  it. 

You  and  your  folks  (should)  know  way  more  about  the  tech¬ 
nical  risks  of  these  technologies  than  your  employees.  How 
well  do  you  communicate  and  explain  risk  scenarios?  To  what 
extent  do  your  employees  appreciate  that  there  are  often  very 
simple,  easy  things  they  can  do  to  dramatically  reduce  their 
individual  and  your  institutional  exposure  to  risk? 

It’s  foolish  and  counterproductive  to  let  IT’s  and  Legal’s  “elimi- 
nationist”  policies  get  in  the  way  of  good  risk  management.  And 
it  undermines  relations 
with  employees  when 
you  introduce  new  sys¬ 
tems  and  services. 

How  well  CIOs  and 
IT  should  leverage 
external  innovation  to 
amplify  core  IT  processes  deserves  future  discussion.  But  for 
now,  CIOs  need  to  turn  their  shops  away  from  declaring  war  on 
their  digital  subversives  and  instead  invite  them  to  better  under¬ 
stand  the  nature  of  enterprise  risk.  These  people  are  using  these 
technologies  because  they’re  smart,  not  because  they’re  stupid. 
They’re  smart  enough  to  understand  the  difference  between  risk 
elimination  and  risk  management  too.  BQ 


Michael  Schrage  ( schrage@media.mit.edu )  is  codi¬ 
rector  of  the  MIT  Media  Lab’s  eMarkets  Initiative.  To 
comment  on  this  article,  go  to  the  online  version  at 
www.cio.com/101506. 


Declaring  war  on  external  technologies 
turns  your  employees  into  innovation 
insurgents  and  "Google  guerrillas."  You 
are  defining  them  as  enemies,  and  ene¬ 
mies  have  little  interest  in  cooperation. 


Sound  Off  on  Consumer  Tech 


Michael  Schrage  and  others  sound  off 
on  consumer  tech  and  more  in  a  fast- 
paced  webcast  at  www.pqhp.com/ 
idg/ciol0Q-06 

cio.com 


40  OCTOBER  15,  2006  |  www.cio.com 


Executive  Summary 

In  recent  years,  the  widespread  adoption  of  servers  has  fundamentally 
changed  the  way  organizations  manage  data,  information  and  knowledge.  It 
has  ushered  in  substantial  cost  savings  and  helped  enterprises  manage  work 
and  business  processes  far  more  efficiently.  However,  the  use  of  large  num¬ 
bers  of  servers  has  created  an  entirely  different  set  of  challenges.  Managing 
and  optimizing  these  systems  is  paramount. 

To  optimize  IT  and  business  operations,  it's  essential  to  step  beyond  the 
flat  earth  of  incremental  improvements  and  develop  an  effective  strategy  for 
logical  and  geographic  server  consolidation  across  an  enterprise. 

Unfortunately,  few  companies  have  created  an  overall  strategy  for  opti¬ 
mizing  a  server  environment.  Many  are  buried  under  an  array  of  everyday 
server  problems — patch  management,  resource  utilization,  security,  server 
sprawl  and  management  flexibility.  Although  IT  administrators  look  to 
improve  performance,  they  don't  recognize  the  need  to  embrace  server  con¬ 
solidation  as  a  core  strategy. 


Custom  Publishing 


Building  a  Better  IT  Department 

Efficient  use  of  resources  can  help 
organizations  achieve  better  perform¬ 
ance  and  service  levels  at  a  lower  cost.  A 
more  efficient  use  of  resources  delivers  a 
higher  return  on  assets  (ROA),  lower 
total  cost  of  ownership  (TCO)  and  a 
streamlined  IT  environment  that  lets  staff 
focus  on  strategic  rather  than  adminis¬ 
trative  tasks.  An  effective  consolidation 
initiative  trims  systems  maintenance  and 
cooling  costs,  reduces  systems  license 
fees,  simplifies  patching  and  security, 
boosts  system  availability,  and  improves 
backups  and  data  recovery. 

What  makes  server  consolidation  so 
powerful  is  that  it  simplifies  the  man¬ 
agement  of  heterogeneous  hardware 
and  software.  Ultimately,  that  organi¬ 
zation  will  be  able  to  standardize  on 
fewer  applications  and  operating  sys¬ 
tems,  centralize  data  management  and 
consolidate  applications  and  operating 
systems.  Flexibility  and  scalability 
become  realistic  goals. 

Solutions  like  Microsoft® 's  Virtual 
Server  2005  R2  and  Windows®  Server 
2003  R2  can  play  a  role.  Virtual  Server 
2005  R2  is  ideal  for  server  consolidation  in 
both  the  datacenter  and  the  branch  office, 
allowing  organizations  to  make  more 
efficient  use  of  hardware  resources, 
Windows  Server  2003  R2,  Enterprise 
Edition  delivers  the  business  value,  techni¬ 
cal  features  and  software  licensing  that  are 
designed  to  help  customers  take  advan¬ 
tage  of  the  benefits  of  server  consolidation 
technology  in  today's  IT  environment. 

Confronting  Inefficiency 

Navigating  today's  IT  environment  is  no 
simple  task.  A  recent  study  conducted 
by  IDG  Research  on  behalf  of  Microsoft 
found  that  respondents  had,  on  average, 
five  different  brands  of  servers  installed 
within  their  enterprise.  Twenty-five 
percent  had  five  or  more  server  ven¬ 
dors  represented  within  the  organiza¬ 
tion.  In  many  instances,  an  array  of  man¬ 
ufacturers,  operating  systems  and  busi¬ 
ness  requirements  translates  into  unnec¬ 
essary  duplication  of  systems  and  an  inef¬ 
ficient  use  of  resources.  Under-managed 
resources  adversely  impact  computing 
costs  and  organizational  efficiency. 


ADVERTISING 


SUPPLEMENT 


SERVERS  DEPLOYED  ACROSS  THE  ENTERPRISE 


Less  than  10 
10-25 
26-49 
100-249 
250  -  499 
500  -  999 
1000-4999 
5000+ 
Don't  know 


1% 


Mean  number  of  servers  across  enterprise  =  2,992 
Median  number  of  servers  across  enterprise  =  200 


Organizations  face  a  number  of  issues  when  attempting  to  optimize  a 
server  environment,  including  patch  management,  resource  utilization, 
maintenance  costs,  server  sprawl,  interoperability,  downtime,  site  licensing 
costs,  and  space  and  energy  costs.  Companies  also  face  headaches  related 
to  managing  and  retrieving  data.  Not  surprisingly,  at  some  point,  cus¬ 
tomers,  business  partners  and  employees  feel  the  impact.  What's  more,  the 
organization  may  find  itself  facing  lagging  in  productivity  and  performance. 


THE  BIGGEST  CHALLENGES  IN  MANAGING  A  SERVER  INFRASTRUCTURE 


Patch  management 
Resource  utilization 
Maintenance  costs 
Server  sprawl 
Interoperability 
Downtime 
Other 
Don't  know 


63% 

25":| 

6  I 


|  2% 


Most  executives  understand  that  a  server  infrastructure  affects  various 
initiatives  within  the  organization.  Among  the  leading  concerns  are  deliv¬ 
ering  consistent  service  levels,  instituting  disaster  recovery  provisions  and 
protecting  internal  environments.  Also  important  are  optimizing  utiliza¬ 
tion,  planning  applications,  storage,  data  reduction  and  redesign  more 
effectively,  and  achieving  greater  standardization. 

In  addition,  organizations  are  increasingly  looking  to  consolidate 
workloads  in  a  number  of  areas,  including  databases,  business  applica¬ 
tions,  file  and  print,  email,  Web  and  networking.  IT  executives  and  busi¬ 
ness  decision  makers  have  a  growing  need  to  develop  both  tactical  and 
strategic  approaches  for  dealing  with  the  byproduct  of  today's  complex 
computing  environments. 


Seeking  Solutions 

Server  consolidation  is  a  term  that's  used  to  describe  the  strategy  of  mov¬ 
ing  multiple  applications  onto  a  single  physical  server — thus  saving  both 
hardware  and  ongoing  management  costs.  Server  consolidation  encom¬ 
passes  four  primary  goals: 

The  need  for  better  server  utilization.  Enterprises  that  maximize 
the  use  of  servers  for  processor  power,  memory  and  storage  achieve  per- 


OPTIMIZING  SERVER  RESOURCES 


ADVERTISING  SUPPLEMENT 


formance  gains  in  the  range  of  30  percent  to  70  percent.  Ensuring  that 
servers  are  tuned  correctly  can  help  redistribute  processor  load  and 
reduce  the  imbalance  that  often  occurs  within  today's  complex  IT  sys¬ 
tems.  Adding  virtualization — the  ability  to  store  operating  systems  and 
data  logically  across  numerous  servers  (rather  than  physically) — can  fur¬ 
ther  boost  results. 

Improving  server  management.  Complex  environments  lead  to 
enormous  demands  on  staff  and  equipment.  By  reducing  or  eliminating 
much  of  the  administrative  burden  that  surrounds  an  IT  environment — 
maintaining  operating  systems,  overseeing  applications,  backing  up 
data,  and  more — organizations  are  able  to  use  hardware  and  IT  staff  far 
more  effectively. .  .and  strategically.  What's  more,  they  are  able  to  cut 
down  on  software  licenses  and  cooling  costs.  In  some  cases,  they  are 
also  able  to  reduce  the  space  needed  to  house  servers  and  data  centers. 

Increasing  reliability.  Improving  availability  and  building  better 
backup  systems  helps  an  enterprise  reduce  risk  and  improve  data  deliv¬ 
ery.  The  goal  is  to  reduce  system  downtime  and  mitigate  financial  risks 
while  providing  a  high  service  level  for  customers,  business  partners 
and  employees.  Greater  reliability  also  translates  into  improved  levels  of 
security  and  protection. 

Improving  flexibility,  scalability  and  agility.  With  the  right  sys¬ 
tems  in  place,  an  organization  can  react  to  changing  business  condi¬ 
tions  more  nimbly  and  decisively.  The  ability  to  deploy  servers  efficiently 
and  create  a  well-designed  IT  infrastructure  is  the  foundation  for  pres¬ 
ent-day  performance  and  future  growth.  The  result  is  an  ability  to 
access  information  more  quickly  and  deploy  new  systems  strategically. 

Taking  Consolidation  to  the  Next  Level 

Organizations  can  cut  server  costs  by  30  to  40  percent  by  maximizing 
resources — and  thus  consolidate  their  server  infrastructure.  Typically, 
one  IT  administrator  is  required  for  every  25  servers  deployed  through¬ 
out  an  organization.  These  administrators  do  not  add  to  the  value  of  a 
server  environment;  they  simply  help  manage  the  growth  of  servers  as 
an  enterprise  grows.  An  effective  consolidation  initiative  can  double 
the  number  of  servers  an  administrator  can  handle. 

Consolidation  may  tap  into  a  number  of  tools,  including  Windows 
System  Resource  Manager  (which  enables  IT  administrators  to  manage 
CPU  and  memory  utilization  on  a  per-process  basis),  support  of  side-by- 
side  DLLs,  the  ability  to  run  multiple  instances  of  Internet  Information 
Services  (IIS),  multipath  I/O  that  supports  SANs,  and  shadow  copy  capa¬ 
bilities  to  restore  data  environments . 

While  an  array  of  events  might  trigger  the  need  for  server  consolida¬ 
tion,  the  common  denominator  is  a  well-defined  set  of  benefits:  improved 
TCO,  better  corporate  standards,  improved  service  levels  and  availability, 
improved  disaster  recovery  capabilities  and  enhanced  system  management. 

And  with  tools  like  System  Center  Virtual  Machine  Manager  (now  in 
beta)  IT  decision-makers  now  have  a  unified  set  of  tools  for  managing 
the  complete  infrastructure — both  physical  and  virtual  environments, 
plus  the  application  stacks  on  top. 

Tapping  into  the  Power  of  Virtualization 

Virtualization  replaces  the  traditional  approach  of  removing  and 
adding  storage  by  treating  numerous  storage  devices  as  a  single  logical 
entity.  Because  the  environment  does  not  distinguish  among  physical 
media  contained  within  servers,  a  system  administrator  can  swap 


devices  at  any  time  without  reconfigur¬ 
ing  the  entire  infrastructure.  The  ability 
to  run  different  operating  systems  and 
applications  on  the  same  physical  server 
lets  organizations  consolidate  the  work¬ 
load  placed  on  servers.  If  one  virtual  sys¬ 
tem  fails,  another  can  take  over  instantly 
and  perform  the  same  tasks. 

On  the  Front  Lines  of  Business 

Every  organization  faces  its  own  set  of 
roadblocks — and  must  blaze  its  own 
path  to  success  when  working  to  man¬ 
age  server  resources  most  efficiently.  At 
one  Atlanta-based  restaurant  chain,  the 
biggest  challenge  was  limited  space  in  its 
data  center.  The  company  has  already 
moved  the  data  center  once  because  of 
a  "one-application,  one-server"  mentali¬ 
ty.  Virtualization  and  consolidation  will 
allow  the  company  to  use  resources 
within  the  data  center  more  effectively, 
reduce  the  number  of  servers  and  allo¬ 
cate  computing  power  more  efficiently. 

Putting  a  strategy  into  play  creates 
additional  challenges,  however.  The 
company  faces  an  additional  investment 
in  a  storage  solution  and,  as  one  IT  exec¬ 
utive  puts  it,  there  is  much  concern 
about  adding  to  "an  already  significant 
investment  in  the  separate  storage  needs 
of  the  applications  we  run. "  Further¬ 
more,  the  company  must  cost-justify 
replacing  servers  that  are  relatively  new, 

QUICK  FACTS: 

More  than  two-thirds  of  companies 
(70  percent)  have  a  server  consolidation 
strategy  already  in  place. 

Overall,  82  percent  of  respondents  in  the 
CIO  survey  viewed  server  consolidation  as  a 
moderate,  high  or  critical  priority. 

Only  11  percent  rated  it  as  low  priority  and 
6  percent  rated  is  as  "not  a  priority. " 


using  TCO  and  ROI  analyses  to  show 
that  the  new  environment  will  lead  to 
long-term  cost  savings  through  reduc¬ 
tions  in  facilities  and  management  costs. 

The  company's  long-term  goal  is  the 
development  of  a  consolidated  platform 
that  it  can  quickly  and  easily  adjust  to 
the  needs  of  the  business. 

Other  organizations  are  also  taking 


OPTIMIZING  SERVER  RESOURCES 


ADVERTISING  SUPPLEMENT 


Rapid  growth 
translates  into 
rapidly  changing 
business  and 
IT  requirements 


As  more  and  more  components  of 
the  IT  infrastructure — such  as  stor¬ 
age,  servers,  and  network — become 
virtualized,  the  flexibility  of  the  sys¬ 
tem  grows  substantially.  By  enabling 
business  policy  to  be  used  as  a  driver 
for  the  systems  and  resources  that 
are  available,  you  can  make  the 
move  from  flexible  systems  to  truly 
dynamic  systems.  To  support  this 
infrastructure  flexibility  with  soft¬ 
ware  licensing  flexibility,  Microsoft 
took  the  industry-leading  step  to 
revamp  our  Windows  Server  and 
Windows  Server  System  application 
(SQL,  Exchange,  etc.)  licenses  to 
make  them  virtualization-compati¬ 
ble.  For  example, 

•  It  is  now  possible  to  run  up  to 
four  virtual  instances  of  Windows 
Server  2003  R2  Enterprise  Edition  on 
one  licensed  physical  server  or  hard¬ 
ware  partition. 

•  Windows  Server  System  applica¬ 
tions  running  in  a  virtual  environment 
are  now  licensed  per  virtual  proces¬ 
sors  instead  of  physical  processors. 

•  Starting  Oct.  1,  2006,  new 
servers  licensed  with  Windows  Server 
Datacenter  Edition  (and  previous 
licenses  with  new  version  rights)  will 
have  license  rights  to  run  an  unlimit¬ 
ed  number  of  virtualized  Windows 
Server  instances.  By  simply  licensing 
the  server's  processors  with  Windows 
Server  Datacenter  Edition,  customers 
will  be  able  to  run  Windows  Server 
Standard  Edition,  Enterprise  Edition, 
Datacenter  Edition,  or  a  mix  of  the 
three  editions  without  having  to 
track  the  number  of  virtual  machines 
or  pay  for  additional  Windows  Server 
licenses. 


Ti 


heed.  At  a  large  financial  services  firm  in  Canada,  executives  view  server 
consolidation  as  a  strategic  and  fundamental  requirement.  Data  center 
efficiency,  asset  control  and  optimization,  and  total  cost  of  ownership 
(TCO)  are  all  key  drivers.  The  company  has  marched  forward  with  an  ini¬ 
tiative  that  has  already  improved  provisioning  workflow  from  six  weeks  to 
three  days.  Using  virtualization,  it  has  boosted  the  operational  effective¬ 
ness  of  assets  and  driven  down  operational  costs. 

Increasingly  complex  IT  environments  require  increasingly  innovative 
approaches.  At  a  leading  food  producer  based  in  New  York  State,  rapid 
growth  translates  into  rapidly  changing  business  and  IT  requirements. 
Because  the  company's  infrastructure  can  no  longer  support  more 
servers,  the  company  has  identified  key  strategic  and  tactical  objectives 
and  developed  a  plan  to  affect  change. 

The  former  includes  high  availability  and  faster  deployment  of  new 
servers.  The  latter  involves  using  load  balancing  across  a  pool  of  servers 
and  achieving  high  availability  of  applications.  Over  time,  the  firm  has 
moved  outdated  Windows  2000  servers  to  a  virtual  environment  based 
on  a  newer  version  of  Windows 
OS,  and  it  has  migrated  numerous 
physical  servers  into  the  virtual 
realm  as  well.  The  initiative  has 
saved  the  organization  staff  time 
and  money  while  boosting  avail¬ 
ability  for  existing  hardware. 

Conclusion 

The  complexities  associated  with 
today's  distributed  IT  systems  are 
driving  businesses  to  spend  as 
much  as  70  to  80  percent  of  their 
IT  budget  just  to  maintain  what 
they  have.  In  addition  to  driving  up 
the  costs  of  operations,  the  com¬ 
plexity  of  these  systems  is  at  the 
source  of  many  challenges  across 
the  entire  IT  lifecycle. 

A  successful  consolidation 
strategy  doesn't  merely  reduce  the 
number  of  physical  servers  within  an  enterprise.  It  creates  an  environment 
where  the  enterprise  achieves  maximum  efficiency  across  its  entire  server 
infrastructure.  When  an  enterprise  has  a  well-defined  server  optimization 
strategy  in  place  and  devotes  the  necessary  resources  to  affecting 
change,  it's  possible  to  move  beyond  the  incremental  gains  that  derive 
from  the  addition  of  more  hardware  and  develop  an  IT  environment  that 
uses  all  systems  in  the  most  optimized  and  efficient  way  possible. 
Suddenly,  it  is  possible  to  meet  performance  goals  and  manage  growth  in 
a  way  that  wouldn't  have  previously  seemed  possible. 

Many  organizations  are  looking  to  solutions  like  Microsoft's  Dynamic 
Systems  Initiative  to  help  manage  the  complexity.  By  providing  "intelli¬ 
gence"  at  different  layers,  solutions  like  Microsoft  Dynamic  Systems 
Initiative  can  create  a  self-managing  environment  in  which  automation 
can  handle  most  of  the  administrative  and  management  tasks. 

The  goal:  Use  products  like  Microsoft's  Dynamic  Systems  to  create  a 
dynamic  virtualized  infrastructure  and  make  IT  a  true  value  generator  for 
your  organization.  ■ 


Server  virtualization  strategy  in  place 
Yes 
No 

Don't  know 


•J4 

■ 


Currently  use  virtualization  in 
enterprise  technology  (NET) 

Yes  -  for  development, 
testing  and  production  - 
specific  workloads  only 
Yes  -  for  development 
and  testing  only 
Yes  -  for  development, 
testing  and  production  - 
most  or  all  workloads 
No,  we  don't  use  virtualization 
I  don't  know  what  virtualization  is 

Source:  IDG  Research 


6S 


24 


OPTIMIZING  SERVER  RESOURCES 


business  is  one  of  the  most  important  yet  challenging  obligations 
of  the  CIO. 


Join  more  than  420  of  your  colleagues  in  the  CIO  Executive  Council 
who  are  collaborating  on  issues  most  important  to  the  CIO  community  — 
and  who  have  begun  to  change  the  perceptions  of  IT  across  the  globe. 

Start  by  downloading  complimentary  tools  including  the  IT  Value  Matrix 
office  poster  and  the  new  IT  Marketing  Benchmark  Study  —  examples 
of  how  Council  members  are  shaping  the  standards  of  marketing  IT  to 
the  business. 

To  download  these  tools  and  other  content  created  by  CIO  Executive  Council 
I  members,  please  visit  www.cioexecutivecouncil.com/it_value. 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


The  CIO  Executive  Council  is  the  world’s  first  professional  association  focused 
exclusively  on  the  CIO.  Founded  in  2004  by  the  readers  of  CIO  magazine,  Council 
members  are  committed  to  leveraging  the  individual  and  collective  strengths  of  the 
community  of  CIOs  to  advance  the  CIO  profession  and  its  role  in  driving  shareholder 
results  for  their  respective  organizations.  In  just  two  short  years,  the  CIO  Executive 
Council  has  grown  to  more  than  420  CIOs  worldwide,  representing  executive  leadership 
in  organizations  with  approximately  $2  trillion  (USD)  in  annual  revenues. 

For  information  on  membership,  please  visit  www.cioexecutivecouncil.com. 


Founded  by 


Business 

Technology 

Leadership 


Peer  to  Peer 


FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


Lessons  for  the  Mentor 


How  one  CIO  got  the  extra  resources  she  needed  while  learning  how  to  help 
young  IT  professionals  shine  by  Barbara  kunkel 


For  more  than  20  years,  I’d  coached  youth  soccer.  I 
took  immense  pleasure  in  developing,  guiding  and 
motivating  young  players,  both  on  and  off  the  field. 
In  turn,  their  enthusiasm  energized  me. 

Six  years  ago,  unfortunately,  I  had  to  put  my  coaching  on 
hold  to  deal  with  my  mounting  responsibilities  as  CIO  of  a 
growing  national  law  firm.  But  when  a  series  of  mergers  led 
to  a  significant  increase  in  my  department’s  workload,  I  saw  a 
new  way  to  help  young  people  learn  and  develop  their  poten¬ 
tial.  I  initiated  a  summer  college  internship  program  to  fill  the 
resource  void  and,  at  the  same  time,  help  young  women  pursue 
careers  in  IT.  At  Nixon  Peabody,  only  about  40  percent  of  the 
IT  staff  are  women,  and  this  percentage  continues  to  shrink  as 
it  gets  harder  to  find  women  with  technical  skills.  Mentoring 
female  summer  interns,  I  thought,  could  draw  more  women 
into  my  department  and  into  IT.  I  had  no  idea  what  lessons 
were  in  store  for  me  over  the  next  several  years. 

It  was  as  if  I  were  stepping  onto  the  soccer  field  for  the  first 
time  in  my  life. 

What  I  Learned  from  Anna 

Anna,  our  first  summer  intern,  joined  the  department  in  2001 
after  she  completed  her  first  year  as  a  computer  science  major 
at  Rensselaer  Polytechnic  Institute.  Her  first  week  of  orienta¬ 
tion  included  an  overview  of  the  firm  and  its  technology  tools. 
Her  first  assignment,  reporting  to  the  supervisor  of  desktop 
support,  tested  her  knowledge  of  hardware  and  put  her  on  the 
front  line  with  the  internal  customers.  Anna  adjusted  quickly 
and  appeared  to  enjoy  the  work.  She  was  technically  compe¬ 
tent,  a  natural.  But  in  checking  with  both  her  and  her  super- 


42  OCTOBER  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  CRAIG  LA  ROTUNDA 


ADVERTISEMENT 


EXECUTIVE 

VIEWPOINT 


CIO  EXECUTIVE  VIEWPOINT 

Compliance  Bonus 

Lucent  leverages  SOX  challenge  to  transform  IT 


Elizabeth  Hackenson 

Chief  Information  Officer  for  Lucent  Technologies 

In  just  11  months,  Lucent  Technologies  turned  a  compliance  challenge  into  a  business 
victory.  The  company  met  Sarbanes -Oxley  404  compliance  requirements  while  simul¬ 
taneously  transforming  its  global  IT  infrastructure,  which  spans  26  countries. 

Elizabeth  Hackenson  is  the  Chief  Information  Officer  for  Lucent  Technologies, 
overseeing  operation  of  the  company’s  information  systems  infrastructure,  including 
global  communications  systems,  corporate  networks,  and  e-business  platforms.  She 
joined  Lucent  Technologies  in  April  2006. 


What  were  some  of  the  key  challenges 
faced  by  Lucent  in  meeting  Sarbanes- 
Oxley  certification  requirements?  Why? 

The  challenge  was  to  transform  IT  glob¬ 
ally  to  comply  with  SOX  2002  certification 
requirements  in  a  short  timeframe.  This  was 
a  common  concern  for  all  CIOs  at  the  time 
-  how  to  gain  visibility  to  process  controls  on 
a  global  level  while  meeting  Sarbanes-Oxley 
compliance. 

The  transition  plan  for  an  organization  as 
large  as  ours  wras  complex,  involving  thou¬ 
sands  of  people  across  multiple  time  zones 
and  languages,  and  the  timeframe  w7as 


extremely  short.  We  knew7  we  needed  strong 
executive  sponsorship,  and  a  dedicated  team 
to  drive  to  aggr  essive  milestones  to  meet 
regulatory  deadlines. 

What  were  some  of  the  key  organizational 
issues  that  influenced  Lucent’s  global  IT 
transformation? 

Lucent  needed  to  adjust  the  entire  organiza¬ 
tion  to  changing  business  requirements,  while 
continuing  to  provide  24x7  support  to  a  glob¬ 
al  workforce  of  more  than  35,000  employees. 
We  needed  to  bring  together  disparate  global 
processes,  in  a  heterogeneous  environment, 
wfith  hundreds  of  applications,  thousands  of 
servers,  and  a  variety  of  support  models,  all 
in  less  than  a  year. 

A  major  challenge  was  to  get  our  people  to 
adopt  dramatically  different  processes  and 
best-practice  models,  w  hile  maintaining  day- 
to-day  operations.  It  w7as  really  hard  to  strike 
the  right  balance  and  make  the  trade-offs  to 
keep  moving  forward.The  critical  word  w  as 
balance. 


How  did  you  successfully  address  resis¬ 
tance  to  change? 

We  sought  to  gain  support  from  strong 
influencers  within  each  organization,  sharing 
with  them  the  business  case  and  getting  their 
buy-in  so  they  could  head  off  resistance  to  the 
changes. 

We  also  received  tremendous  support  from 
the  CFO  and  CEO.  Early  executive  sponsor¬ 
ship  w  as  key.  We  articulated  frequently  to 
them  the  benefits  of  the  automated  project 
and  compared  the  outcomes  to  the  previous 
manual  processes,  highlighting  the  improve¬ 
ments.  Frequent  review  s  wdth  the  manage¬ 
ment  team  increased  executive 
mindshare  for  the  project. 

Continuous  communication 
to  staff  during  the  1 1  months, 
as  w7e  made  changes,  wras 
important.  We  went  back  to 
our  influencers  and  supporters  to  ask:  Did 
you  know  that  (because  of  the  new  technol¬ 
ogy)  we  see  this  kind  of  trend  going  on  in 
the  application  environment  that  can  now 
be  proactively  addressed?  This  enabled  us  to 
emphasize  clear  benefits  to  offset  the  trans¬ 
formation  pain. 

This  project  w  ill  stand  as  an  example  for 
future  IT  transformations. 

In  sum,  what  were  the  key  HP  differentia¬ 
tors  that  resulted  in  a  successful 
deployment  and  Lucent’s  business/IT 
alignment? 

HP  provided  a  solution  wdth  an  architecture 
built  on  ITIL.  Not  only  w  ere  processes  pre¬ 
defined,  but  also  tools  w7ere  set  up  in  advance. 
HP  provided  a  best-practices  IT  Service  Man¬ 
agement  deployment  model  and  the  consult¬ 
ing  expertise  to  implement  a  full  solution. 

We  did  take  the  opportunity  to  invest  in  soft¬ 
ware  (HP  OpenView  Service  Desk  and  HP 
Open  View7  Operations)  that  provided  quite 


Don't  think  you  are  ever  done, 

because  it's  a  learning  process. 
IT  transformation  is  a  journey." 


a  bit  of  benefit  post-SOX.  HP  OpenView7 
gave  us  an  important  capability7  for  a  global 
company  -  to  have  all  of  our  systems,  appli¬ 
cations,  and  processes  recorded  in  a  common 
configuration  management  database,  which 
helps  us  better  manage  our  global  IT  environ¬ 
ment  and  gives  us  visibility7  that  we  didn’t 
have  before. 

Can  you  share  some  success  secrets  for 
implementing  change  in  a  large  global 
organization  such  as  yours? 

If  you  believe  you  need  to  do  it,  invest  wdsely 
in  the  right  leadership  team  and  build  a  busi¬ 
ness  case  for  the  right  level  of  fimding.  Get 
people  aligned  and  trained.  Don’t  underesti¬ 
mate  the  need  for  supporters  both  in  manage¬ 
ment  and  within  the  IT  user  community. 

Don’t  think  you  are  ever  done,  because  it’s 
a  learning  process.  IT  transformation  is  a 
journey. 

For  More  Information: 

Check  out  tins  white  paper, 

“Transforming  the  IT  Infrastructure”, 
at  www.cio.com/whitepapers/hp 


Lucent  Technologies 

Bell  Labs  Innovations 


Custom  Publishing 


i 


FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


visor,  I  learned  that  something  wasn’t  right. 

The  supervisor  felt  Anna  was  too  shy,  and  the  independent 
nature  of  the  work  did  not  suit  her.  Anna,  in  turn,  wanted 
more  challenges  and  more  feedback,  and  she  wanted  to  be 
more  connected  to  the  organization  through  group  projects. 

I  dropped  by  Anna’s  office  one  afternoon  and  asked  her  to 
join  me  for  ice  cream  at  the  mall  next  to  our  building.  As  we 
chatted  about  her  sports  activities  from  high  school,  her  shy¬ 
ness  melted.  I  learned  quite  a  bit  about  how  differently  her  gen¬ 
eration  views  school,  work  and  careers.  We  sat  for  two  hours, 
laughing  about  stories  from  my  generation  (for  instance,  how 
my  friends  thought  it  would  be  funny  to  shuffle  a  sequence  of 
computer  punch  cards  so  that  my  program  would  not  run  cor¬ 
rectly).  Her  stories  were  similar  in  tone,  except  the  tools  and 
venues  were  IM,  chat  rooms  and  cell  phone  photos. 

With  only  six  weeks  left  before  Anna  returned  to  school,  we 
had  reached  a  fork  in  the  road.  I  discussed  the  situation  with 
my  managers  and  we  decided  to  reassign  Anna  to  a  Web  devel¬ 
opment  project,  working  closely  with  another  developer  and  a 
business  analyst.  It  demanded  that  she  “come  out  of  her  shell,” 
relate  to  users  as  a  member  of  the  IT  team,  and  act  more  inde¬ 
pendently  and  creatively.  Before  returning  to  school,  Anna 
developed  a  Web-based  BlackBerry  request  form  as  part  of 


our  service  request  system  that  both  improved  service  request 
efficiency  and  enhanced  her  internship  experience. 

Anna  had  changed  from  a  shy,  quiet  individual  to  an  ener¬ 
gized  contributor  to  the  team.  She  relished  the  experience  and 
looked  forward  to  returning  to  our  firm  the  following  summer. 
And  these  five  lessons  I  learned  from  her  about  the  next  gen¬ 
eration  remain  etched  in  my  brain. 

1.  A  structured  work  environment  that  clearly  links  the 
interns’  assignments  to  the  overall  objectives  of  the  organiza¬ 
tion  reinforces  the  idea  that  the  work  matters. 

2.  Working  in  teams  is  far  more  desirable  than  working 
independently. 

3.  Demanding  that  interns  think  creatively  makes  the  work 
much  more  rewarding. 

4.  Communication  is  essential!  They  thirst  for  feedback. 

5.  The  personal  touch  and  a  social  environment  are  impor¬ 
tant  aspects  of  their  work  experience. 

How  I  Applied  Anna’s  Lessons 

In  2004  I  wanted  to  expand  our  strategic  planning  process 
to  include  benchmark  data  on  the  effective  use  of  technology 
at  other  law  firms.  To  do  that,  we  hired  two  college  interns  for 
the  summer,  Katie  and  Bridgette.  This  time,  the  interns  would 


ENABLE 


text  messaging  and 

PROTECT 

the  delivery 


i : 


b; 


Today  we  are  living  in  the  "Any  Era,”  where  everyone  expects  to  connect  and  communicate  any  time,  anywhere ,  from 
any  device.  From  simple  text  messaging  to  rich  pictures  and  video,  VeriSign  intelligent  infrastructure  services  enable 
and  protect  themew  ways  the  world  works,  lives,  and  laughs.  To  learn  more,  visit  www.enableandprotect  com 


%  rr- '■••Vv 


reserved  V.viSmn.  Urn  \4»n'Jiqn  l<> 

'  ■  ■'  aK  .V  . 

bWAT..  a  -  ■  ■  ■  7 


yylpgcv.th**  <  her  kh», jik  circle,  and' Other  tfJdouwrlU.  service  marks,  and  designs  ,i 


stored  or  unregistered  trademarks  of  VenSicm  and  it 4  substdijrii 


i  the  United  State 


work  directly  with  me. 

With  the  help  of  my  staff,  I  designed  a  “work  curriculum,” 
similar  to  a  college  course.  This  provided  the  framework  that 
linked  the  interns’  assignments  to  the  project  objectives.  Katie 
and  Bridgette  started  their  work  by  meeting  with  me  to  dis¬ 
cuss  expectations.  By  the  end  of  the  session,  I  could  see  their 
creative  wheels  whirring,  but  the  task’s  scope  intimidated 
them.  However,  a  pep  talk  provided  them  with  the  confidence 
they  needed. 

As  with  Anna,  the  first  week  of  orientation  included  an 
overview  of  the  firm  and  its  technology  tools.  However,  as  part 
of  their  assignment,  Katie  and  Bridgette  were  each  to  craft  an 
e-mail,  addressed  to  the  entire  IT  department,  introducing 
themselves.  I  laughed  when  I  saw  the  first  e-mail,  with  the 
subject  line  “A  little  more  info  about  the  mysterious  girl  in  the 
corner.”  It  was  both  humorous  and  engaging,  and  it  gener¬ 
ated  a  whirlwind  of  interaction  in  the  department.  The  interns 
were  off  to  a  great  start.  I  was  confident  their  social  needs  were 
going  to  be  met  right  away. 

It  was  important  for  me  to  assess  their  communication 
skills  because  this  assignment  required  meetings,  phone  calls 
and  e-mail  with  senior  management,  department  heads  and 
CIOs  at  other  firms.  I  decided  to  give  Katie  and  Bridgette  some 


frank  advice.  “Relationship  building  is  everything,”  I  told 
them,  “and  cryptic  instant  messaging  will  be  the  demise  of 
your  assignment.”  I  also  requested  that  they  e-mail  me  a  100- 
to-300-word  weekly  summary  every  Friday,  telling  me  what 
they’d  learned  while  report¬ 


A  Curriculum  for  Interns 


To  check  out  Barbara  Kunkel’s  cur¬ 
riculum  for  her  IT  Interns,  including 
assignments,  requirements  and 
more,  go  to  www.cio. com/101506 


ing  on  the  project’s  progress. 

Every  Monday  morning,  I’d 
give  them  feedback.  This  pro¬ 
cess  fostered  a  continuous, 
open  dialogue. 

At  the  end  of  the  summer, 

Katie  and  Bridgette  had  to  give  a  PowerPoint  presentation 
to  the  department  heads,  summarizing  their  project.  Their 
performance  was  impressive,  and  in  fact,  it’s  one  of  the  high¬ 
lights  of  my  career— the  equivalent  of  building  a  dream  team 
for  the  soccer  season.  The  field  of  play  may  be  different,  but 
the  goal  remains  the  same:  nurturing  talent  through  good 
mentoring.  QQ 


Barbara  Kunkel  is  CIO  of  law  firm  Nixon  Peabody  in 
Rochester,  N.Y.,  and  is  a  member  of  the  CIO  Executive 
Council.  To  comment  on  this  article,  go  to  the  online 
version  at  www.cio.com/101506. 


so  the  world  can 


Wv  fW'.''-  • 

.  'A  ~  . 


■  /  ‘‘.t 

;  ■  * V 

;'-Vp 


y* .  'r* 

.  V  ' 

&  • . : 


<1.  V< 


m! 


<  t\£  :m  .  v 
'  iJt  la  i  a  / 

\ 

C/  A  L  A  I 


Driven, 

We  serve  7  of  the  top  7  global  automobile  manufacturers. 


o 


I. 


lr  * 

( j  S' 

.  £ 

1  '  , 

- 1  ) 

A 

'l) 

1 

A 

) 

) 

'  $ 

1 

<  i  > 

1 1  * 

% 

^  (.  . 

A 

'  1 

-v  i ) 

i 

v  1  ) 

1 

A 

■)  A 

) 

vp 

f 

nv 

,V< 

1, 

)  1,1  ji 

We  serve  10  of  the  top  10  global  diversified  financial  institutions. 


We  serve  1 0  of  the  top  1 0  global  life  science  companies. 


- 


,  >\/iV 


r  is  -  •• 


:  V-.  •.  i  -jpV 


4 


From  strategy  through  execution,  we  collaborate  with  our  clients 


!  ' 


(Jit 

I 


Management  &  Technology  Consultants 


— , 


. .  ■ 


Agere  Systems  Director  of 
Infrastructure  Chris Morri 
"persuaded”  his  suppliers 
customers  to  use  E2open’s 
supply  chain  services  by  si 
ing  them  the  value  it  could 
return  to  both  parties. 


Cover  Story  |  Supply  Chain  Management 


The  era  of  do-it-yourself  supply  chai  n 
integration— its  costs,  its  risks  and  its  drain 
on  your  IT  resources— is  coming  to  an  end. 

Help  has  arrived. 

Integration 

Liberation 

BY  THOMAS  WAILGUM 


Reader  ROI 

::  Why  traditional 
forms  of  supply 
chain  integration 
have  become 
untenable 

::  Which  new  forms 
of  integration  are 
emerging 

::  How  a  hosted 
supply  chain 
network  works 


NINE  MONTHS.  That’s  how  long  it  typically  took  Agere  Systems’  IT  staff  to  set  up 
an  electronic  trading  connection  to  a  major  supplier  or  customer. 

Nine  months  for  each  and  every  one. 

“We  did  every  bit  of  integration  ourselves,  and  every  supplier’s  connection  had  to 
be  different,”  says  Chris  Morris,  the  director  of  IT  infrastructure  and  operations  at  the 
semiconductor  maker. 

Worse,  those  connections— whether  via  e-mail,  the  Web  or  more  complex  linkages 
like  electronic  data  interchange  (EDI)  or  the  high-tech  industry’s  own  electronic  lingua 
franca,  RosettaNet— were  all  supported  by  different  and  ultimately  inefficient  processes 
inside  Agere.  Procurement  staffers  had  to  chase  down  orders  via  phone,  fax  or  e-mail,  and 
manually  key  in  EDI  data  into  Agere’s  Oracle  ERP  system.  And  Oracle  could  do  little  to 
help.  Morris  says  Oracle’s  supply  chain  tool  had  neither  the  external-facing,  automated 
service  capabilities  nor  the  reporting,  metrics  and  error-handling  features  that  Agere 
wanted  and  Morris  felt  the  company  needed. 

There  had  to  be  a  better  way  to  make  the  connections. 

There  was. 

The  Trail  of  Broken  Links 

Morris,  of  course,  isn’t  alone.  Plenty  of  today’s  supply  chains  are  slowed  and  even  crip¬ 
pled  by  entrenched  manual  processes  and  disconnected  enterprise  systems.  Right  now, 
says  Noha  Tohamy,  a  supply  chain  and  pricing  solutions  analyst  at  Forrester  Research, 
“there’s  no  significant  integration  between  manufacturers  and  their  suppliers’  and  cus¬ 
tomers’  enterprise  systems.”  Supporting  her  claim,  more  than  60  percent  of  companies 


PHOTO  BY  PETER  MURPHY 


www.cio.com  |  OCTOBER  15,  2006  49 


Cover  Story  |  Supply  Chain  Management 


responding  to  an  April  2006  Aberdeen 
Group  survey  described  their  current 
supply  chain  processes  as  manual,  spread¬ 
sheet-intensive,  only  partially  automated 
and  dependent  upon  different  software 
systems  within  their  own  companies. 

In  short,  the  current  state  of  the  supply 
chain  is  not  too  good. 

The  reasons  for  the  disconnects  with 
supply  chain  partners  are  many,  beginning 
with  the  fact  that  CIOs  are  still  struggling  to 
integrate  their  own  ERP  applications  with 
their  own  supply  chains,  never  mind  con¬ 
necting  to  and  integrating  with  their  part¬ 
ners’.  Indeed,  60  percent  of  the  respondents 


to  a  2005  Aberdeen  Group  survey  said 
complete  internal  integration  would  give 
them  a  competitive  advantage  —if  only  they 
could  manage  to  do  it. 

The  back-office  enterprise  systems 
in  most  companies  weren’t  designed 
to  support  the  multiapplication,  external¬ 
facing  services  that  real-time  supply  chains 
require.  They’re  too  inflexible.  “When  you 
want  to  make  a  change  [to  your  legacy  ERP 
or  SCM  system],  it’s  basically  like  ripping 
up  concrete,”  says  Beth  Enslow,  senior  VP 
of  enterprise  research  at  Aberdeen  Group. 

But  whether  they  realize  it  or  not,  the  era 
is  over  of  CIOs  thinking  that  they  can  con¬ 


nect  multiple,  external  systems,  that  they’ll 
have  the  money  and  staff  expertise  to  do 
it,  and  that  communications  protocols  like 
EDI  and  RosettaNet  will  somehow  magi¬ 
cally  integrate  their  supply  chain  infor¬ 
mation  for  them.  Done.  Finished.  Why? 
Because  that  thinking  has  rarely  produced 
any  value  for  the  enterprise.  In  one  For¬ 
rester  report,  nearly  60  percent  of  the  com¬ 
panies  surveyed  said  they  did  not  achieve 
the  expected  ROI  from  their  supply  chain 
management  technology  solutions. 

“Traditional  electronic  data  interchange, 
value-added  networks  are  dead,”  says  Ben¬ 
oit  Lheureux,  a  research  director  in  Gart- 


The  Hosted  Supply  Chain  Menu 

Before  you  sign  on  to  use  the  B2B  services  of  the  new  integration  service  providers, 
you  should  know  your  options 


Multitenant 

Multi-Instance 

ASP  and 

Hybrid 

Evolving  EDI/ 

Shared  Service 

Utility  ASP 

VAN  Service 

Providers 

Definition:  Multiple 
companies  use  the 
same  instance  of 
hosted  software. 

Advantage:  Lower 
costs  and  shorter 
implementation  times 
than  could  be  achieved 
in  the  standard  ASP 
model  because  the 
cost  of  software,  hard¬ 
ware  and  connections 
among  partners  are 
shared. 

Drawback:  Hard  to 
migrate  implementa¬ 
tion  in-house. 

Vendors:  LeanLogis- 
tics,  Management 
Dynamics,  Sterling 
Commerce/Nistevo, 
TradeBeam,  WeSupply 


Definition:  Each  com¬ 
pany  is  given  its  own 
instance  of  the  soft¬ 
ware  but  shares  some 
common  services, 
such  as  integration 
platform  and  security 
models. 

Advantage:  Assurance 
of  data  security  and 
flexibility  for  unique 
data  storage  or  perfor¬ 
mance  requirements. 

Drawbacks:  More  lim¬ 
ited  community  ben¬ 
efits;  shared  services 
must  be  able  to  scale 
as  adoption  grows. 

Vendor:  E2open 


Definition:  In  the  ASP 

model,  the  application 
is  hosted  by  the  ven¬ 
dor  or  by  an  outside 
hosting  company  in  a 
separate  instance  on 
external  servers.  In  the 
utility  ASP  model,  the 
servers  are  shared  by 
multiple  companies. 

Advantages:  Some¬ 
what  faster  deploy¬ 
ment  than  in-house 
implementation; 
enhanced  ability  to 
customize  applica¬ 
tions. 

Drawbacks:  No  abil¬ 
ity  to  share  cost  of 
hardware  or  business 
partner  connections; 
no  native  community 
benefits. 

Vendors:  Edge  Dynam¬ 
ics,  Red  Prairie 


Definition:  Primary 
SCM  application 
located  on  your  prem¬ 
ises  or  your  trading 
partner’s.  Supplemen¬ 
tary  functionality  pro¬ 
vided  via  on-demand 
model. 

Advantage:  Creates 
new  value  from  exist¬ 
ing  in-house  SCM 
implementations  with¬ 
out  having  to  staff  an 
in-house  IT  project. 

Drawback:  Imple¬ 
mentation  and  main¬ 
tenance  costs  are  no 
lower  for  your  primary 
SCM  application. 

Vendors:  Kinaxis 


Definition:  Vendors 
offer  hosted  integration 
services,  which  include 
some  combination  of 
communication,  inte¬ 
gration,  trading  part¬ 
ner  management  and 
application  services. 

Advantage:  Can  offer 
traditional  services 
as  well  as  more  innova¬ 
tive  capabilities, 
which  utilize  SOA  and 
offer  multiprotocol 
functionality. 

Drawback:  Too  many 
vendors  still  trying  to 
differentiate  them¬ 
selves. 

Vendors:  ADX,  GXS, 
Sterling  Commerce 

-T.W. 

SOURCES:  Aberdeen  Group, 
Gartner 


50  OCTOBER  15,  2006  |  www.cio.com 


INNOVATIONS  IN 


i 


r 


Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 


Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ’’ 


JOHNNY  C.  WHITE 

CIO 

Florida  Guardian  ad  Litem  Program 


Access  your  future  today  at 
citrix.com. 


©2006  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix®  is  a  trademark  of  Citrix  Systems,  Inc. 
and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent 
and  Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered 
trademarks  are  the  property  of  their  respective  owners. 


CITRIX 


Cover  Story  |  Supply  Chain  Management 


ner’s  application  development,  integration 
and  Web  technologies  group. 

For  many  CIOs,  this  is  very  bad  news 
indeed. 

A  New  Way  to  Integrate 

Fortunately,  hope  for  supply  chain  infor¬ 
mation  integration  did  not  die  with  those 


old,  kludgy  networks.  As  Agere  and  many 
other  companies  have  discovered,  there’s 
an  emerging  category  of  third-party,  hosted 
options  that  successfully  blend  traditional 
value-added  network  (VAN)  capabilities 
with  on-demand  hosted  supply  chain 
software  and  back-office  integration  ser¬ 
vices.  Companies  in  this  evolving  market, 


Since  going  live  with  hosted  services  for 
order  management  and  inventory,  Imperial 
Sugar  CIO  George  Muller  (standing  in  an 
old  sugar  mill)  has  found  that  his  staffers 
are  “managing  exceptions  rather  than  every 
transaction.  They  can  focus  instead  on 
higher-value  activities.” 


such  as  E2open,  GXS,  Inovis  and  Sterling 
Commerce,  offer  a  single  point  of  data 
exchange— whether  using  EDI,  RosettaNet 
or  XML  standards— that  acts  as  a  gateway 
for  partner-to-partner,  enterprise  system 
integration  and  collaboration.  For  compa¬ 
nies  like  Agere,  it’s  now  possible  to  make  a 
single  electronic  connection  to  all  custom¬ 
ers  and  suppliers  if  they  use  E2open.  Even 
better,  that  task  can  be  taken  care  of  by  a 
third  party. 

Indeed,  Lheureux  claims  that  over  the 
past  few  years  this  new  strategy  has  so 
transformed  the  possibilities  in  supply 
chain  networking  that  companies  and  CIOs 
that  haven’t  investigated  the  new  services 
“have  an  understanding  of  the  market  that 
is  obsolete.” 

The  Long  Wait  for 

Integration 

According  to  a  July  2006 IDC  survey  (IDC 
is  a  sister  company  of  CIO)  that  asked  com¬ 
panies  to  describe  how  they  collaborated 
with  their  supply  chain  partners,  the  most 
cited  method  was  e-mail  (88  percent).  Also 
making  the  list:  fax  (73  percent),  telephone 
(62  percent)  and  snail  mail  (59  percent). 

These  tools,  which  depend  on  employ¬ 
ees’  fingertips,  have  prevented  many  com¬ 
panies  from  capitalizing  on  real-time  B2B 
collaboration.  In  a  September  2005  Aber¬ 
deen  Group  study,  75  percent  of  survey 
respondents  with  annual  revenue  of  more 
than  $1  billion  report  that  their  supply 
chain  applications  limit— not  enhance— the 
services  they  can  offer  customers. 

A  root  cause  of  this,  according  to  ana¬ 
lysts,  is  “a  huge  underinvestment  in  tech¬ 
nology  to  support  global  supply  chain 
processes,”  says  Aberdeen’s  Enslow. 
“Microsoft  Excel  is  still  the  most  popular 
supply  chain  planning  system.  [However], 


52  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  BY  SCOTT  KOHN 


ETERNUS 


more  you 


Fujitsu  ETERNUS®  Storage  Systems:  Uncompromising 
reliability  for  your  most  demanding  applications. 


To  help  enterprises  manage  the  flood  of  mission-critical  data,  Fujitsu  ETERNUS  Storage  Systems  deliver  the 
reliability  and  availability  data  centers  require.  For  continuous  data  access  and  easier  maintenance,  major 
components  are  highly  redundant  and  hot-swappable.  The  controller  modules’  software  can  also  be  upgraded 
without  shutting  down  or  rebooting.  A  built-in  statistical  failover  mechanism  ensures  stable  operation  by  disabling 
components  exhibiting  intermittent  failures.  Furthermore,  disk  data  encryption  using  1 28-bit  AES  provides  security 
against  data  theft.  Go  to  us.fujitsu.com/computers/reliability3  for  more  information. 


DATA  PROTECTION — Online,  efficient  disk-to-disk 
backup  using  tiered  storage 


DISASTER  RECOVERY— Cost-effective,  secure 
remote  data  replication  over  iSCSI 
with  IPsec  data  encryption 


FUJITSU 


THE  POSSIBILITIES  ARE  INFINITE 


©  2006  Fujitsu  Computer  Systems  Corporation.  All  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  ETERNUS  are  registered  trademarks  of  Fujitsu  Limited.  All  other  trademarks  mentioned  herein  are  the  property  of  tlieir  respective  owner; 


Cover  Story  |  Supply  Chain  Management 


it’s  not  scalable  and  it  does  not  promote 
collaboration— either  internally  or  across 
trading  partners.” 

Agere’s  Morris  says  he  had  a  wake- 
up  call  when  his  staffers  started  taking 
a  closer  look  at  their  supply  chain  pro¬ 
cesses  during  the  evaluation  of  E2open’s 
services.  It  was  not  a  pretty  sight. 
“We  didn’t  realize  that  this  was  the  way  we 
did  things,”  he  recalls  glumly. 

EDI,  which  Agere  relied  on,  has  been  a 


staple  of  many  companies’  systems  (63  per¬ 
cent  in  the  IDC  study)  for  a  long  time.  But 
EDI  has  limitations.  To  begin  with,  the  cost 
of  having  a  VAN  provider  maintain  EDI 
communications  between  trading  partners 
has  been  prohibitive  for  many  small  and 
midsize  companies.  (For  more  on  this,  see 
“How  to  Keep  the  Web  from  Becoming  a 
Trap,”  wzow.cio.com/050106.)  And  although 
EDI  facilitates  the  electronic  transfer  of 
information  between  partners,  that  data 


does  not  flow  internally  between  ERP  and 
CRM  systems  because  different  vendors’ 
applications  and  systems,  which  follow 
different  networking  and  communication 
standards,  can’t  interoperate.  That  forces 
companies  to  use  manual  processes  to 
update  ERP  and  SCM  systems,  generating 
inefficiencies  and  errors. 

More  challenges  come  with  the  interna¬ 
tionalization  of  business.  CIOs  must  deal 
with  suppliers  from  every  corner  of  the 
globe  with  varying  degrees  of  technologi¬ 
cal  sophistication,  as  well  as  multiproto¬ 
col  communication  mechanisms  that  all 
have  to  hook  back  into  the  CIOs’  internal 
systems.  According  to  Enslow’s  research, 
global  supply  chains  in  large  enterprises 
were  not  nearly  as  automated  as  their 
domestic  supply  chains.  This  dependency 
upon  a  supplier’s  questionable  systems, 
upon  their  e-mails,  faxes,  and  phone  calls, 
“completely  stresses  out  ERP  and  spread¬ 
sheet  systems,”  Enslow  says. 

Enslow’s  research  revealed  that  an 
astounding  90  percent  of  enterprises  say 
their  global  supply  chain  technology  is 
inadequate  to  provide  their  organizations 
with  the  timely  financial  information  they 
require. 

Inside  the  Hosted  Supply 

Chain:  A  Case  Study 

In  2001,  Agere  was  made  an  offer  it 
couldn’t  refuse.  One  of  its  biggest  custom¬ 
ers,  disk-drive  maker  Seagate  Technolo¬ 
gies,  strongly  suggested  that  Agere  sign 
on  to  E2open  because  Seagate,  IBM  and 
others  in  the  high-tech  industry  thought 
E2open’s  services  represented  the  supply 
chain  future.  (E2open  had  morphed  from 
its  beginnings  as  a  dotcom-era  online 
exchange  into  a  vendor  of  hosted  supply 
chain  software.) 

By  June  2005,  Agere  had  dutifully 
switched  its  supply  chain  front  end  over  to 
E2open  and  with  it  brought  along  80  of  its 
primary  component  suppliers.  In  a  fashion 
similar  to  the  way  Seagate  “suggested”  that 
Agere  begin  using  E2open,  Agere,  accord¬ 
ing  to  Morris,  “persuaded”  its  suppliers 
and  customers  to  use  E2open’s  services  by 
showing  them  the  value  it  could  return  to 
both  parties.  (“Of  Continued  on  Page  58 


Their  Software,  Your  Problem 


Why  the  big  enterprise  vendors  are  not  (and  probably 
won't  be)  riding  to  the  supply  chain  rescue 

SOME  CIOS,  accordingto  Beth  Enslow,  senior  VP  of  enterprise  research 
at  Aberdeen  Group,  seem  to  be  waiting  for  their  enterprise  vendors  to  solve 
their  supply  chain  technology  problems  for  them. 

They  could  have  a  long  wait  ahead  of  them. 

On-demand  supply  chain  applications  just  aren’t  their  ERP  vendors'  core 
competency.  “PeopleSoft,  even  with  300  different  software  modules,  did  not 
have  an  EDI  translations  software  suite,”  says  George  Muller,  VP  and  CIO  of 
Imperial  Sugar,  who  uses  Sterling  Commerce’s  services  for  order  manage¬ 
ment  and  inventory.  "PeopleSoft  would  handle  everything  very  well  within 
[our]  four  walls,  but  outside  the  four  walls,  PeopleSoft  was  behind  the  curve.” 

A  possible  reason  for  ERP  vendors’  reluctance  to  develop  tools  to  integrate 
their  customers’  systems  with  their  suppliers’  and  customers’  systems  is  that 
it  would  impact  their  business  model:  selling  on-premises  software  to  a  cap¬ 
tive  customer  base.  With  the  new,  hosted  model,  customers  of  the  enterprise 
software  vendors  could  conceivably  “turn  off”  the  connection  and  go  to  some¬ 
one  else  if  they  chose. 

Representatives  from  SAP  and  Oracle,  the  biggest  enterprise  systems 
vendors,  say  that  they  are  following  the  on-demand,  hosted  SCM  market 
with  interest,  but,  so  far,  don’t  have  anything  to  offer.  “We  are  looking  at  the 
demand  for  this  market,  but  we  are  not  yet  offering  an  on-demand  model  with 
these  kinds  of  solutions,”  says  Hans  Thalbauer,  VP  of  supply  chain  manage¬ 
ment  solution  management  at  SAP. 

“When  you  look  at  that  opportunity  space,  that  is  not  a  service  that  Oracle 
has  much  interest  in  and  competency  in,”  says  Julian  Trotman,  director  of 
enterprise  integration  applications  development  at  Oracle. 

However,  both  point  to  their  companies’  fledgling  on-demand  CRM  offer¬ 
ings  to  illustrate  their  technical  capabilities  within  the  on-demand  model. 

"It’s  a  model  that  we've  tried  to  hone  over  the  last  three  to  four  years,”  says 
Trotman.  "It’s  going  to  be  a  large  part  of  our  business  going  forward.” 

As  for  the  rise  of  the  on-demand  SCM  vendors,  SAP’s  Thalbauer  doesn’t 
seem  too  worried  about  E2open,  GXS  and  the  others.  “I  don’t  view  them  as  a 
threat,"  he  says.  -T.W. 


54  OCTOBER  15,  2006  |  www.cio.com 


WHAT  IF  SECURITY  WASN’T  A  CAGE? 


WHAT  IF,  INSTEAD  OF  KEEPING  THINGS  OUT,  IT  LET  AMAZING  THINGS  IN? 

WHAT  IF  IT  MADE  YOU  BOLDER,  MORE  AMBITIOUS  AND  ENABLED  YOU  TO 
ACCOMPLISH  MORE  THAN  YOU  EVER  THOUGHT  POSSIBLE? 

WHAT  IF  SECURITY  COULD  UNLEASH  YOUR  FULL  POTENTIAL? 


Security  unleashed 


©  2006  Unisys  Corporation.  Unisys  is  a  registered  trademark  of  Unisys  Corporation. 


UNISYS 


m 


Secure  Business  Operations,  rrtagme  iU'cfo 

,  •  ;M2i 

■ 

i‘*:V 

www.securityunleashed.com 


a 


Your  potential.  °m  passion. 

Microsoft  * 


A  Stock  Market  Processing  300  Million  Transactions  a  Day. 

Running  on  Microsoft  SQL  Server  2005. 


& 

i 

& 


fr 

1 

K  » 

NASDAQ,  the  largest  U.S.  electronic  stock  market,  lists  companies  from  37  countries. 
Their  crucial  trading  and  messaging  systems  use  SQL  Server™  2005  to  handle  up  to 
64,000  transactions  per  second  with  99.999%  uptime*  See  how  at  microsoft.com/bigdata 


Microsoft 

SQL  Server  2005 


Cover  Story  |  Supply  Chain  Management  Continued  from  Page  54 


Trust,  But  Verify 


Should  you  open  your  kimono  for  your  suppliers  and 

customers?  It  depends  on  how  well  you  know  them. 

wML.  °  t 

THE  AGE-OLD  ISSUE  of  trust  rears  its  head  once  again  as the  hosted  supply 
chain  model  allows— and  encourages— enterprises  to  let  their  suppliers  and  cus¬ 
tomers  look  behind  their  collective  firewalls.  According  to  Noha  Tohamy,  Forrester 
Research  supply  chain  and  pricing  solutions  analyst,  most  companies  feel  that 
multienterprise  integration  is  the  only  way  that  they  can  improve  their  supply  chains 
"but  when  the  rubber  meets  the  road,  companies  are  very  cautious  about  what 
information  they  will  share  with  their  trading  partners,  and  certainly  what,  if  any, 
type  of  integration  they  are  willing  to  have  directly  between  their  and  their  partners’ 
systems." 

Ranga  Jayaraman,  CIO  of  Hitachi  Global  Storage  Technologies,  agrees  that  these 
issues  must  be  smoothed  out  before  the  real  benefits  of  supply  chain  integration  can 
be  realized.  “The  trust  between  companies  has  to  be  there,”  Jayaraman  says. 

One  way  to  decide  how  far  to  go  with  suppliers  and  customers  is  to  analyze  the 
nature  of  the  partnership  and  make  some  hard  decisions.  Is  it  a  small  supplier  that 
you  can  afford  to  lose?— in  which  case  you  might  consider  dropping  it  rather  than 
getting  stuck  dealing  with  its  manual  entry  work— or  is  it  your  most  important  sup¬ 
plier?— in  which  case  you  may  do  everything  short  of  paying  its  monthly  bills  to  get 
it  to  use  your  hosted  service.  Is  the  supplier’s  facility  totally  dedicated  to  your  com¬ 
pany,  or  does  it  supply  other  customers  from  which  it  draws  higher  margins  on  its 
products?— in  which  case  it  may  be  more  resistant  to  your  blandishments. 

For  example,  Imperial  Sugar  VP  and  CIO  George  Muller  is  trying  to  help  one  of 
Imperial’s  biggest  customers  get  up  and  running  on  some  basic  EDI  transactions  (as 
well  as  with  its  SAP  rollout),  which  will  lessen  manual  work  for  both  companies  and 
lay  the  foundation  for  an  integrated  supply  chain  with  Imperial  in  the  future.  Because 
this  is  such  an  important  customer  for  Imperial,  Muller  says  he’s  putting  in  the  hours 
and  providing  his  expertise  for  his  customer’s  benefit,  doing  everything  he  can  to 
make  it  work.  If  the  customer  were  not  so  important,  Muller  might  not  be  extending 
himself  to  that  extent.  -T.W. 


course,  some  of  our  suppliers  are  a 
lot  bigger  than  us,”  Morris  points 
out,  meaning  that  he  couldn’t  sim¬ 
ply  force  a  partner  to  sign  on.) 

Through  E2open’s  single,  Web- 
enabled  connection,  Agere  (and 
those  of  its  trading  partners  that 
have  signed  on  to  use  E2open’s 
hub)  now  has  a  more  accurate, 
timely  view  of  demand  and  order 
management  data  than  it  did  previ¬ 
ously,  when  it  depended  largely  on 
manual  processes,  including  fax, 
e-mail  and  phone  calls.  For  exam¬ 
ple,  the  buyers  in  Agere’s  procure¬ 
ment  group  are  now  able  to  quickly 
adjust  order  amounts  to  match  new 
(and  more  accurate)  forecasts  and 
then  modify  supplier  shipment 
data  before  it  becomes  a  problem 
(an  incorrect  amount)  in  the  back- 
office  Oracle  lli  system.  On  the  back 
end,  the  purchasing  group,  which 
tracks  the  ebb  and  flow  of  purchase 
orders  worldwide,  is  now  able  to 
send  and  receive  purchase  orders 
that  are  now  both  more  up  to  date 
and  accurate.  And  many  of  those 
manual  processes  are  becoming 
a  memory  as  supplier  data  is  now 
able  to  flow  automatically  into 
Agere’s  Oracle  ERP  applications 
through  E2open’s  hub.  From  a  busi¬ 
ness  process  perspective— as  well 
as  from  the  IT  side  of  the  house— 
the  savings  are  immense. 

“With  one  single  integration 
point,  E2open  shields  us  from 
doing  the  actual  integration  work 
ourselves,”  Morris  says.  “We  don’t  see  any 
of  those  problems  anymore.  Now  [integra¬ 
tion  work]  is  E2open’s  headache.” 

Currently,  Agere  uses  E2open’s  hosted 
services  for  forecasting,  generating  orders, 
demand  and  supply  synchronization,  and 
logistics  visibility.  Of  Agere’s  80  primary 
component  suppliers  hooked  into  E2open, 
four  are  “fully  integrated,”  Morris  says.  That 
means  that  supply  chain  data  “flows  directly 
from  their  systems  through  E2open’s  and 
to  ours  without  anybody  touching  it  at  all.” 
Agere’s  Oracle  lli  ERP  system,  based  in  its 
Allentown,  Pa.,  headquarters,  receives  all 
the  inventory  and  forecasting  updates  auto¬ 


matically.  If  they  choose,  Agere  employees 
can  go  into  the  E2open  site  to  see  metrics  on 
how  their  suppliers’  goods  are  tracking  or  to 
look  at  forecasts. 

Those  76  Agere  suppliers  not  yet  fully 
integrated  still  are  able  to  input  their  data 
into  an  E2open-hosted  customized  web¬ 
page,  where  they  can  view  all  transac¬ 
tions,  orders  and  status.  But  even  when 
those  suppliers  add  supply  chain  data  to 
the  site  manually,  Agere’s  side  of  the  equa¬ 
tion  stays  electronic,  with  the  data  flowing 
automatically  into  Agere’s  Oracle  system. 
From  Morris’s  point  of  view,  even  if  all  his 
suppliers  never  get  to  the  full  integration 


stage,  it’s  been  worth  it  already  because  of 
the  efficiencies  gained  from  working  with 
real-time  data,  the  savings  that  come  with 
reducing  manual-entry  errors  and  the 
greater  systems  integration  achieved  by 
Agere’s  suppliers  and  customers. 

Implementing  E2open’s  package  only 
took  Agere  nine  months,  which  is  one  of 
the  big  selling  points  of  the  outsourced, 
supply  chain  service  providers:  faster 
implementation  times  with  measurable 
returns  on  investment. 

Ron  Vance’s  investment  in  E2open  was 
“very  modest.”  “It’s  not  like  we  put  a  couple 
of  million  dollars  into  this  thing,”  the  CIO 


58  OCTOBER  15,  2006  |  www.cio.com 


Trust  is  knowing  that  when  you  need  someone  the  most,  they'll  be  there 


At  Perot  Systems,  we  build  successful  business  relationships  through  the 
principles  of  honesty,  integrity,  and  accountability.  These  core  values,  along 
with  our  integrated  technology  solutions,  help  us  deliver  measurable  results 
to  more  than  400  global  clients.  We've  become  a  trusted  advisor  to  these 
organizations  by  helping  them  improve  operations,  control  costs,  and 
enhance  their  competitive  advantage. 


Discover  how  Perot  Systems  can  meet  your  next  IT  challenge,  no  matter  how 
high  your  goals.  Call  us  at  1  888  31  PEROT,  or  visit  www.perotsystems.com. 


For  tips  on  making  service  provider  engagements  more  successful,  download 
the  popular  white  paper  written  by  renowned  business  transformation  expert, 


James  Champy—  ", Avoiding  the  Seven  Deadly  Sins  of  Outsourcing  Relationships" 
at  www.perotsystems. com/thoughtleadership. 


©  Copyright  2006  Perot  Systems 


Cover  Story  |  Supply  Chain  Management 


"E2open  shields  us  from  doing  the 
actual  integration  work  ourselves. 

We  don’t  see  any  of  those  problems 
jmggm  anymore.  Now  integration 
§jgpg  work  is  E2open's  headache." 

4:  dBP1  -  Chris  Morris,  Agere  Systems  director  of  IT  infrastructure  and  operations 


of  Tyco  Electronics  says.  “It’s  more  like  a 
couple  of  hundred  thousand.” 

Ranga  Jayaraman,  CIO  of  Hitachi  Global 
Storage  Technologies,  says  that  going  with 
E2open’s  system  versus  going  with  a  home¬ 
grown  one  provided  his  company  with  a 
33  percent  reduction  in  onetime  costs. 

Staff  Liberation 
Through  Hosting 

Along  with  reducing  costs  (which  all  CIOs 
are  under  pressure  to  do)  and  increasing 
the  accuracy  of  forecasting  and  tracking 
(which  all  business  users  depend  upon), 
CIOs  also  want  to  expend  fewer  internal 
IT  resources  on  customization  and  trou¬ 
bleshooting  in  order  to  free  up  their  staff¬ 
ers  to  work  on  more  strategic  projects,  says 
Aberdeen’s  Enslow. 

At  Imperial  Sugar,  an  $800  million  sugar 
processer  and  refinery,  VP  and  CIO  George 
Muller  is  running  Sterling  Commerce’s  ser¬ 
vices  for  order  management  and  inventory. 
Since  going  live  with  Sterling’s  services  in 
2004,  he’s  found  that  his  IS  staffers  are 
“managing  exceptions  rather  than  every 
transaction.  They  can,”  he  says,  “focus 
instead  on  higher-value  activities.” 

For  example,  whereas  Muller’s  team 
previously  had  to  find  and  fix  exception 
transactions  that  wound  up  in  what  Muller 
calls  an  “edit  and  correction  bucket,”  now, 


And  for  You  Mid-Market  Guys... 


The  specific  challenges  of  hosting  your  supply 
chain  software  if  you’re  a  smaller  enterprise  is 
addressed  in  the  article  “Meet  Your  New  Host,” 

at  www.cio.com/090106. 

cio.com 


because  these  exceptions  are  fewer  and 
more  easily  identified,  his  team  can  focus 
on  development  and  system  enhancement 
requests  that  “drive  business  value  versus 
day-to-day  maintenance.” 

There’s  another  advantage  of  using  an 
outsourced  integration  service  provider: 
The  hosted  front  end  of  an  enterprise’s  sup¬ 
ply  chain  system  has  the  ability  to  commu¬ 
nicate  with  the  different  communications 
protocols  found  in  today’s  supply  chain. 
Jayaraman  says  that  E2open’s  ability  to 
translate  from  one  language  to  another  is 
hugely  significant  for  Hitachi.  For  exam¬ 
ple,  say  a  company’s  systems  can  commu¬ 
nicate  only  in  the  “language”  of  RosettaNet 
but  the  company’s  partners  speak  in  EDI, 
XML  or  SAP’s  iDoc.  E2open  enables  the 
front-end  translation  from  one  language  to 
another  and  updates  the  back-end  systems 
as  well— which  is  where  current  enterprise 
SCM  systems  really  fall  down.  As  Muller 
says,  “If  you’re  a  customer  of  ours,  you  can 
have  it  your  way.” 

Of  Course,  Nothing  is 
Ever  That  Simple 

Gartner’s  Lheureux  says  that  right  now 
he’s  tracking  more  than  85  vendors  that 
claim  to  offer  some  sort  of  integration  ser¬ 
vices  for  all  forms  of  multienterprise  inte¬ 
gration,  including  the  supply  chain.  (For 
a  menu  of  the  services  available,  see  “The 
Hosted  Supply  Chain  Menu,”  Page  50). 
Market  leaders  currently  include  GXS, 
Sterling  Commerce,  Inovis  and  E2open, 
and  Lheureux  estimates  the  market  right 
now  to  be  worth  around  $1  billion. 

The  first  challenge  for  these  vendors 
will  be  overcoming  resistance  from  CIOs. 


According  to  an  Aberdeen  Group  survey, 
CIOs  worry  about  data  security,  integrat¬ 
ing  on-demand  solutions  with  internal  sys¬ 
tems  and  downtime  problems;  in  addition, 
they’re  concerned  that  outsourcing  their 
supply  chain  applications  will  compromise 
their  ability  to  tweak  these  applications  for 
individual  customers.  “As  a  CIO,  I  believe  I 
can  do  things  internally  as  well  as  turning 
the  keys  over  to  an  outsourcer,”  says  Impe¬ 
rial  Sugar’s  Muller.  But  as  he  investigated 
what  Sterling  Commerce  offered,  Muller 
was  forced  to  confront  his  staff’s  limita¬ 
tions:  “With  EDI  and  VANs,  that’s  just  not 
something  I  can  do.  Just  like  I  wouldn’t  go 
out  and  build  a  general  ledger  system  or  a 
data  center.” 

Another  challenge  for  the  integration 
vendors  is  signing  on  enough  enterprises 
to  bring  on  what  analysts  call  a  critical 
mass  of  suppliers  into  each  vendor’s  sys¬ 
tems  and  trading  hubs.  Without  that  criti¬ 
cal  mass,  CIOs  wonder  what  will  become  of 
those  vendors  and,  more  important,  what 
would  become  of  their  clients  if  they  go 
under.  “If  [E2open]  can’t  get  that  [critical 
mass],  I  don’t  know  how  they’re  going  to 
remain  in  business,”  Agere’s  Morris  says. 

Ironically,  the  flexibility  and  ease  of 
integration  these  vendors  provide  could 
also  be  their  downfall  because  the  costs 
of  switching  between  them  become  much 
lower  than  with  traditional  packaged 
application  vendors.  For  Tyco  Electronics’ 
Vance,  going  with  E2open  wasn’t  “a  bet 
the  ranch  proposition.  I  wouldn’t  be  hard- 
pressed  to  bring  in  another  tool  to  do  the 
same  kind  of  process,”  he  says.  “It’s  a  tool; 
we’re  not  locked  in.” 

While  CIOs  may  not  be  locked  in,  many 
are  locking  on  to  this  new  and  more  effi¬ 
cient  way  of  doing  business  with  their 
suppliers  and  customers.  And,  given  the 
results  so  far,  no  one  wants  to  go  back  to 
the  bad  old  days.  “It  is  inconvenient  for  us 
to  do  business  in  a  different  way,”  says  Hit¬ 
achi’s  Jayaraman.  “If  we  should  start  faxing 
things,  [our  employees]  would  quit. 

“We  don’t  have  very  many  fax  machines 
left.”  BE 


You  can  reach  Senior  Writer  Thomas  Wailgum  at 
twailgum@cio.com.  To  comment  on  this  article, 
go  to  the  online  version  at  www.cio.com/101506. 


60  OCTOBER  15,  2006  |  www.cio.com 


Only  Primavera  has  a  complete  range  of  industry-specific, 
collaborative  project,  resource  and  portfolio  management 
solutions  for  your  unique  business  needs.  We’re  currently 
helping  companies  around  the  world  successfully  manage 
their  projects  and  resources,  even  in  the  most  complex 
regulatory  and  compliance  environments.  We  can  help 
you  do  the  same.  Whatever  your  challenges,  you  can  rely 
on  one  name  for  the  right  solution.  And  that’s  Primavera. 


PRIMAVERA 


You  don't  face  the  same 
project  and  resource 
management  challenges 
as  everyone  else.  So 
why  use  one-size-fits-all 
software? 


ADVERTISEMENT 


The  Gaping  Hole  in  Most  Document 
Retention  and  Deletion  Policies 


Up  to  80%  of  your  document 
storage  could  be  putting  your 
company  at  risk 

In  today’s  hyper-regulated  climate,  companies  need  to 
enforce  a  document  retention  and  deletion  policy  that 
extends  beyond  their  core  data  storage  infrastructure. 

In  a  recent  retention  and  deletion  study  conducted  by 
CXO  Research  Services  Group,  analysts  uncovered  a 
disturbing  trend  about  policy  makers:  Most  IT  execu¬ 
tives  continue  to  focus  attention  on  corporate  e-mail 
and  documents  stored  on  servers  and  mainframes, 
overlooking  about  80  percent  of  the  documents  that 
reside  on  users’  desktops,  according  to  a  Gartner  study. 

If  your  job  responsibilities  encompass  regulatory 
compliance,  judicial  evidentiary  requirements  or 
other  mandates  that  apply  to  managing  your  com¬ 
pany’s  documents,  you  need  to  know  whether  your 
company  is  really  equipped  to  manage  this  explosion 
of  documents  across  the  enterprise. 

“It’s  clear  that  for  organizations  to  drive  greater 
compliance  and  reduce  legal  risk  they  must  deal  with 
the  threat  of  uncontrolled  documents— spreadsheets, 
word  processing  documents  and  presentations”,  says 
Darren  Lee,  president  and  CEO  of  NextPage,  a  provider 
of  desktop  document  management  solutions. 

Bob  Markham,  an  analyst  for  Cohasset  Associates  and 
a  former  analyst  for  Forrester  Research,  says,  “The 
greatest  weaknesses  in  document  retention  efforts 
stem  from  inconsistent  implementation  of  standard 
policies,  lack  of  a  coherent  document  disposal  policy 
and  too  few  users  committed  to  compliant  practices.” 

While  the  CXO  study  revealed  that  most  enterprises  do 
have  a  document  retention  policy,  almost  half  of  them 
do  not  actively  enforce  it.  The  IT  executives  surveyed 
agreed  that  employee  cooperation  was  critical  to  the 
success  of  any  document  retention  protocol.  But  they 
readily  admitted  that  less  than  50  percent  of  their 
employees  actually  adhered  to  the  policy. 

In  the  wake  of  this  research,  it  becomes  evident  that 
a  majority  of  companies— across  industries  as  diverse 
as  health  care,  high  tech,  manufacturing  education, 
finance,  retail  and  government— are  at  great  risk  of 


becoming  noncompliant,  running  afoul  of  discovery 
requirements  in  litigation  and  failing  to  protect  busi¬ 
ness-critical  data  that  sits  on  the  desktop.  While 
awareness  of  Sarbanes-Oxley,  HIPAA  and  other 
legislation  was  high,  25  percent  of  the  companies 
surveyed  do  not  have  a  document  retention  policy  in 
place  nor  have  any  plans  in  implement  one  in  the  near 
future.  With  the  plethora  of  regulations  that  mandate 
a  document  management  policy  continuing  to  grow,  it 
is  more  imperative  than  ever  for  IT  decision  makers  to 
address  the  importance  of  their  business-critical  docu¬ 
ments  everywhere  they  reside. 


Greatest  Threat  to  Businesses: 

75%  E-mail 

65%  Documents  (spreadsheets, 
word  processing,  documents, 
presentations) 

29%  Database  records 

Primary  Drivers  For  Document  Policies: 

61%  Regulatory  compliance 
38%  Ensuring  confidentiality 
33%  Reducing  litigation  risk 

Source:  IDG  Research.  Totals  add  up  to  more  than  100% 
because  respondents  could  pick  multiple  answers. 


As  an  IT  executive,  it  falls  on  you  to  develop  and  keep 
your  company’s  internal  document  retention  and  dele¬ 
tion  policies  up-to-date.  And  you  need  to  work  with 
your  employees  to  assure  consistent  compliance  with 
those  policies.  Software  alone  won't  solve  the  problem. 
You  need  to  find  trusted  partners  to  help  you  develop 
and  implement  policies  that  include  not  only  data 
stored  in  corporate  data  centers  but  critical  docu¬ 
ments  that  reside  on  the  countless  desktops  scattered 
throughout  your  enterprise. 

To  receive  a  free  copy  of  the  survey  results 

go  to  www.nextpage.com/cio. 


Custom  Publishing 


NEXTpage 


Emerging  Technology 


Your  end  users  are  downloading  Skype  and  sharing  links  to 
company  webpages  on  Del.icio.us.  But  don't  panic. 
Although  emerging  consumer  applications  can  pose  security  risks, 
here  are  five  that  offer  business  benefits  if  you  manage  them  well. 

BY  SUSANNAH  PATTON 


CONSUMER 


WHEN  PAUL  TANG  FIRST  DOWNLOADED 
Google’s  desktop  search  application,  he  was  impressed  by 
its  speed  and  power.  Instead  of  painstakingly  looking  for 
data  and  files  on  his  hard  drive,  he  could  find  them  with 
the  ease  of  a  Web  search.  However,  Tang,  chief  medical 
information  officer  at  the  Palo  Alto  Medical  Foundation 
(PAMF),  quickly  realized  that  the  slick 
application  could  also  be  dangerous. 

Tang  saw  that  this  early  version 
of  Google  Desktop  (it  was  released  in 
2004)  would  index  encrypted  web¬ 
pages  from  the  hospital’s  online  patient 
health  system,  caching  the  data  on  his 
PC.  “We  take  great  pains  to  avoid  leav¬ 
ing  personal  health  information  on  PCs, 
and  we  noticed  that  the  search  tool  was 
doing  that  by  default,”  says  Tang.  Tang 


didn’t  ban  the  software,  but  the  hospital  advised  users  to 
change  its  settings  so  that  encrypted  webpages— includ¬ 
ing  those  within  its  medical  records  system— would  be 
excluded  from  searches. 

Tang  isn’t  as  worried  now.  Google  has  since  changed 
that  default  setting,  so  it  no  longer  leaves  cached  infor¬ 
mation  on  a  user’s  computer,  and  Tang 
counts  himself  an  enthusiastic  user  of 
the  software,  among  other  consumer 
applications.  But  as  a  guardian  of 
patient  privacy,  Tang  knows  he  has  to 
keep  his  eyes  open  for  potential  vulner¬ 
abilities.  “Consumer  technologies  are 
useful  and  powerful— and  difficult  to 
regulate,”  he  says.  “You  have  to  be  care¬ 
ful  and  conscientious  about  how  you 
use  them.” 


Reader  ROI 

::  Which  emerging  consumer 
technologies  offer  benefits 
to  business 

::  The  risks  of  letting  employ¬ 
ees  use  unapproved 
software  and  devices 

::  How  to  manage  unauthor¬ 
ized  applications  on  the 
corporate  network 


www.cio.com  |  OCTOBER  15,  2006  63 


Emerging  Technology 


The  Consumer  Tidal  Wave 

Not  long  ago,  corporations  were  on  the  leading  edge  of  technol¬ 
ogy  adoption,  providing  employees  with  better  equipment  and 
software  than  they  could  purchase  on  their  own.  Now,  however, 
consumer  applications  are  easy  and  fun  to  use,  and  often  free;  in 
many  cases,  they  also  work  better  than  corporate  software.  And 
the  tables  have  turned  on  CIOs,  as  employees  download  software 


from  the  Internet,  bring  their  handheld 
devices  to  the  office  and  merge  their  home 
computing  life  with  work.  Concerned 
about  losing  control  of  their  networks, 
some  IT  departments  have  banned  all 
unauthorized  software  and  electronics 
from  the  workplace. 

While  it’s  true  that  consumer  technolo¬ 
gies  such  as  desktop  search,  Internet  tele¬ 
phone  services  such  as 
Skype  and  devices  such 
as  iPods  can  weaken 
network  security,  the 
trend  is  hard  to  stop.  In 
many  cases  users  are 
downloading  software 
unbeknownst  to  the  IT 
department.  In  a  Gart¬ 
ner  survey  conducted 
last  year,  half  of  the  respondents  reported 
that  more  than  60  percent  of  their  IT  users 
were  employing  consumer-grade  software, 
whether  approved  or  not. 

Furthermore,  employees  may  be  on  to 
something:  Emerging  consumer  appli¬ 
cations,  when  adapted  to  the  enterprise, 
can  make  workers  more  productive  and 
cut  IT  costs.  In  fact,  Gartner  predicts  that 
between  2007  and  2012,  the  majority  of 
new  information  technologies  that  enter¬ 
prises  adopt  will  have  their  roots  in  the  con¬ 
sumer  market.  (For  more  about  the  impact 
of  consumer  technologies  on  enterprise  IT, 
see  “Enterprise  Software  Gets  a  Face-Lift,” 
Page  66.) 

Instead  of  building  a  wall  to  keep  con¬ 
sumer  technologies  out,  CIOs  need  to  be 
pragmatic  and  provide  a  place  for  employ¬ 
ees’  favorite  applications.  A  willingness  to 
let  employees  experiment  requires  manage¬ 
ment  strategies  and  policies  for  using  exter¬ 
nal  applications  that  will  prevent  serious 
security  and  privacy  breaches.  It  will  also 
mean,  in  some  cases,  making  sure  networks 
and  architecture  are  configured  to  handle 
the  consumer  gadgets  and  software. 

“CIOs  are  in  a  balancing  act,”  says  Michael  Gotta,  principal 
analyst  at  the  Burton  Group.  “Suddenly  there  are  all  of  these 
lightweight,  easy-to-use  applications  that  people  want  to  work 
with,  but  IT  still  has  to  make  sure  they’re  meeting  security  and 
compliance  requirements.” 

Among  dozens  of  technologies  gaining  momentum  in  the  con- 


“You  don’t  want  to 
lose  control,"  says 
FredPretorius, 
IS  director  with  the 
law  firm  Mintz  Levin. 
“But  you  don't  want 
to  stifle  innovation.” 


64  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  BY  FURNALD/GRAY 


Vi  onwireless 


ffldAcces' 


It's  the  Network, 


Upgrade  your  wireless  connectivity 
Downsize  complaints. 


Monthly  access  with  new  2-yr 
activation  and  qualifying  voice  plan, 


Upgrade  your  employees  to  the  BroadbandAccess  card  from 
Verizon  Wireless  and  give  them  the  freedom  to  work  wirelessly 
without  the  hassles  of  hotspots.  With  our  high-speed  wireless 
broadband  network  and  CDMA  technology,  they'll  have  reliable, 
secure  connections  you  just  can't  count  on  from  Wi-Fi.  So  why 
not  upgrade  today. 


verizonwireless.com/bba  or  call  our  business  reps  at  1.800.VZW.4  BIZ 


" Highest  in  Customer  Satisfaction 
With  Business  Wireless  Service" 


(899.4249) 


Our  surcharges  nncl.  2.31%  Federal  Universal  Service  (varies  quarterly),  5c  Regulatory  &  40c  Administrative/line/mo..  &  others  by  area)  are  not  taxes  (details:  1-888-684-1888);  gov  t  taxes  and  our  surcharges  could  add  4° <>-33%  to 
your  bill.  Activation  fee/line:  $35  ($25  for  $59.99  BroadbandAccess  plan). 


IMPORTANT  CONSUMER  INFORMATION:  Subject  to  Customer  Agmt.  Calling  Plan  &  credit  approval.  SI  75  early  termination  lee.  Requires  compatible  PC  card  (purchased  separately)  Speed  claim  based  on  our  network  tests  with  5  MB 
FTP  data  files  without  compression,  Actual  throughput  speed  varies.  If  more  than  5  GB/line/month,  we  presume  use  is  tor  non-permitted  uses  and  will  terminate  service:  see  brochure  tor  details.  BroadbandAccess  is  available  m  181 
maior  metropolitan  areas  in  the  U.s'  Offers  and  coverage  not  available  everywhere.  Network  details  &  coverage  maps  at  veri2onwireless.com.  ©  2006  Verizon  Wireless.  Vervon  Wireless'  received  the  highest  numerical  score  among 
wireless  providers  in  the  proprietary  J.D.  Power  and  Associates  2006  Business  Wireless  Customer  Satisfaction  Study  “.  Study  based  responses  from  2.737  total  responses,  measuring  5  providers  and  measures  opinions  of  wireless 
service  decision  makers  at  businesses  of  all  sizes.  Proprietary  study  results  are  based  on  experiences  and  perceptions  of  business  wireless  users  surveyed  in  January  and  February  2006.  Your  experiences  may  vary.  Visit  jdpowenpom. 


Emerging  Technology 


sumer  market,  we  look  at  five  that  are  making  their  way  into  the 
enterprise.  These  technologies— social  networking  software,  Skype, 
desktop  search,  handhelds  and  mashups— exemplify  the  most 
important  trends  in  software  that  will  have  an  impact  on  business. 

Social  Networking  Software 

What  it  is:  Social  networking  software  allows  users  to  interact 
and  share  information.  Consumer  versions  of  these  applications 
include  MySpace.com  and  Facebook.com,  to  which  the  younger 
crowd  flocks  to  post  pictures  and  network  among  friends,  and 
Linkedln,  where  the  professional  set  keeps  up  with  colleagues 
and  finds  out  about  job  openings. 

Other  popular  consumer  applications  include  Flickr,  which 
allows  users  to  “tag”  personal  photos  (a  process  in  which  users 
choose  keywords  or  descriptive  terms  to  classify  them),  and 
Del.icio.us,  a  service  for  storing  Web  bookmarks.  These  sites,  both 
owned  by  Yahoo,  enable  users  to  share  their  photos  and  favorite 
websites.  Tagging  is  sometimes  called  social  bookmarking  because 


it  allows  multiple  users  to  categorize  online  content. 

A  few  software  companies,  including  Contact  Networks  and 
Visible  Path,  offer  corporate  applications  that  mirror  these  con¬ 
sumer  sites,  promising  to  help  business  users  organize  and  find 
information. 

Business  benefits:  In  two  words,  knowledge  management. 
Corporations  have  struggled  with  KM  for  years,  trying  to  get 
employees  to  share  information.  Now  some  companies  are  experi¬ 
menting  with  social  networking  applications,  hoping  employees 
will  adopt  them  if  they  see  these  systems  are  easy  to  use  and  deliver 
benefits  quickly.  Other  companies  are  working  on  ways  to  help 
employees  find  data  more  easily  by  adopting  tagging  technology 
such  as  that  used  by  Flickr. 

At  the  Boston  law  firm  Mintz  Levin,  attorneys  search  for  con¬ 
tacts  on  the  firm’s  intranet  using  Contact  Networks’  software. 
Fred  Pretorius,  Mintz  Levin’s  director  of  IS,  says  he  decided  to 
give  the  enterprise  social  networking  software  a  try  two  years 
ago,  after  attorneys  complained  about  floods  of  messages  from 
colleagues  that  would  begin,  “Does  anyone  know...?”  Now,  the 
firm’s  475  lawyers  can  search  for  contacts 
within  the  firm  from  a  link  on  the  company 
intranet  page. 

Pretorius  provided  Contact  Networks  with 
the  firm’s  global  address  list,  and  the  software 
company  then  installed  the  application  on 
an  existing  server.  The  harder  part,  he  says, 
was  convincing  attorneys  to  expose  their  cli¬ 
ent  lists.  “This  was  a  huge  cultural  obstacle 
because  contacts  are  what  defines  their  work,” 
Pretorius  says.  At  first,  20  percent  of  the  attor¬ 
neys  opted  out  of  the  system.  As  they  began 
to  see  how  it  could  help  them,  however,  that 
resistance  began  to  fade.  Now,  99  percent  of 
Mintz  Levin  attorneys  use  the  system. 

In  addition  to  sharing  personal  information 
and  contacts,  companies  are  also  trying  out 
ways  to  organize  corporate  information  using 
employee-generated  tags,  or  keywords.  Tag¬ 
ging  makes  information  easier  to  find  than  is 
often  possible  on  a  corporate  intranet.  “I  know 
of  no  organization  that  has  an  intranet  that 
works  well  for  everybody  finding  what  they 
need,”  says  Thomas  Vander  Wal,  founder 
and  senior  consultant  for  InfoCloud  Solu¬ 
tions.  (Vander  Wal  created  the  term  folkson- 
omy,  which  refers  to  a  tagging  system  created 
within  an  Internet  community.) 

Mitre,  a  nonprofit  research  and  develop¬ 
ment  company,  is  experimenting  with  tag¬ 
ging  using  a  customized  application  that  was 
built  on  an  open-source  tool  called  Scuttle. 
The  pilot  project,  dubbed  “onomi,”  is  similar 


Enterprise  Software  Gets  a  Face-Lift 

Consumer  IT  provides  the  model  for  new  business  applications 

ENTERPRISE  SOFTWARE,  look  out.  The  hard-to-install,  hard-to-use  software  of  the 
past  is  quickly  becoming  a  dinosaur.  “The  way  that  consumers  use  software  is  bleeding 
into  the  enterprise,”  says  Paul  Holland,  general  partner  at  Foundation  Capital,  a  ven¬ 
ture  capital  company.  That  means  that  more  companies  will  be  choosing  on-demand 
software  akin  to  Salesforce.com  for  nonstrategic  tasks.  It  also  means  that  users  will 
expect  business  applications  to  be  as  easy  as  the  ones  they  use  at  home. 

"In  the  past,  enterprise  software  was  hard  to  use  and  people  got  discouraged,”  Hol¬ 
land  says.  “Users  are  driving  the  trend— they  are  the  new  heroes  of  the  organization.” 

Just  ask  Roger  Hoffman,  director  of  technical  service  management  at  car  research 
site  Edmunds.com.  Employees  at  Edmunds.com  have  been  using  an  on-demand 
application  called  Service-now  since  February  to  log  incidents,  changes  or  problems 
with  the  production  environment.  Service-now  was  inspired  by  business-to-consumer 
software  such  as  home  banking  applications,  Google  and  Amazon.com.  Hoffman  says 
he  is  pleased  so  far  and  that  users  are  happy  with  the  easy-to-use  interface. 

Hoffman  adds  that  users  are  increasingly  looking  for  simple  applications  and 
attractive  interfaces  that  mimic  the  software  they  use  at  home.  Software  vendors 
are  taking  note,  following  the  lead  of  such  vendors  as  Rearden  Commerce,  which 
enables  customers  to  order  business  services  online.  The  trend  is  even  drifting  into 
supply  chain  applications.  The  startup  Ketera  Technologies  offers  an  on-demand  pro¬ 
curement  application  that  promises  companies  it  will  “consumerize”  purchasing  and 
make  ordering  supplies  as  easy  as  ordering  something  from  Amazon.com.  -S.P. 


66  OCTOBER  15,  2006  |  www.cio.com 


SunGard  provides  uncommonly  strong  techniques  to 
keep  your  IT  systems  available.  You’re  always  in  control, 
with  a  broad  range  of  hosting  and  recovery  services  at 
your  command.  You’re  always  confident,  because 
SunGard’s  extensive  redundancy,  highly  experienced 
people,  and  1 00%  recovery  success  rate  are  working 
in  your  favor. 

With  access  to  some  of  the  industry’s  most  extensive 
IT  resources,  you’re  able  to  achieve  precise  levels  of 
Information  Availability  across  the  enterprise.  Prioritize 
the  availability  of  each  critical  application — from  “always 


on”  to  advanced  recovery— while  knowing  that  your 
solution  can  seamlessly  scale  as  your  business  evolves. 
To  the  exact  degree  you  demand.  At  the  exact  time 
you  need  it. 

You  set  the  levels,  we’ll  do  the  rest.  SunGard  keeps 
you  in  control  with  a  more  precise  approach  to 
Information  Availability. 

SUNGARD*  3S2E& 

Availability  Services  Connected.™ 


BE  PREPARED.  FOR  A  FREE  COPY  OF  “SUNGARD’S  PANDEMIC  PREPAREDNESS  CHECKLIST” 
VISIT  WWW.AVAILABILITY.SUNGARD.COM/PANDEMIC  OR  CALL  1-800-468-7483. 


Emerging  Technology 


to  Del.icio.us  in  that  it  allows  employees  to  share  annotated  book¬ 
marks.  Donna  Cuomo,  chief  information  architect  with  Mitre’s 
center  for  information  and  technology,  says  the  idea  arose  after  she 
noticed  that  employees  were  using  Del.icio.us  and  Flickr  to  share 
company  information.  So  far,  900  of  Mitre’s  6,000  employees  are 
using  onomi  to  organize  their  own  bookmarks  and  share  them  with 
colleagues.  ‘A  lot  of  people  have  adopted  it  as  the  only  way  they  want 
to  share  resources,”  Cuomo  says. 

The  risks:  As  consumer  technologies  go,  social  software  poses 
few  major  risks.  Employees  may  use  consumer  social  network¬ 
ing  sites  for  business  purposes,  sharing  photos  on  their  corporate 
blogs  using  Flickr  or  posting  company  information  on  Linkedln. 
If  employees  start  using  such  applications  under  the  radar, 
however,  there  could  be  confusion  about  where  and  when  it’s 
appropriate  to  share  information.  Mitre’s  Cuomo  says  that  she 


feels  more  comfortable  using  an  internal  tagging  system  because 
employees  won’t  be  putting  links  to  company  information  outside 
of  the  firewall. 


Skype 

What  it  is:  Skype  is  one  of  a  slew  of  applications  in  the  emerg¬ 
ing  voice  over  IP  telephony  market  that  allow  users  to  engage  in 
voice  and  instant  messaging  conversations  with  each  other.  (Phone 
calls  via  Skype  are  free  when  made  to  another  Skype  user.)  It  has 
emerged— mainly  through  word  of  mouth— as  one  of  the  most  suc¬ 
cessful  Internet  applications  of  all  time,  with  more  than  300  mil¬ 
lion  downloads  and  more  than  100  million  registered  users.  Skype 
was  acquired  by  eBay  last  year  for  $2.6  billion.  Competitors  include 
AOL’s  AIM  Triton  and  Microsoft’s  Windows  Live  Messenger. 

Skype’s  appeal  is  that  it’s  easy  to  use  and  the 
quality  of  its  voice  service  is  high.  “It’s  better 
than  most  VoIP  products  out  there,”  says  Steve 
Cawley,  CIO  with  the  University  of  Minnesota, 
where  he  suspects  Skype  is  popular  among 
international  students  and  researchers. 

Business  benefits:  VoIP  technology  offers 
huge  cost  savings  over  traditional  telephone 
service,  especially  for  companies  that  make 
a  lot  of  long-distance  calls  or  have  employees 
working  in  places  subject  to  high  long-distance 
fees.  Skype  and  applications  similar  to  it  can 
also  help  companies  that  haven’t  yet  deployed 
VoIP  create  a  converged  communications  suite, 
including  voice,  video  and  instant  messaging, 
writes  Irwin  Lazar,  an  analyst  with  Burton 
Group,  in  a  report  about  the  technology. 

For  example,  Lazar  says,  many  Burton 
Group  employees  use  Skype  for  internal  and 
external  communications.  At  first,  most  were 
motivated  by  cheaper  long-distance  calls.  But 
many  are  now  using  it  for  instant  messag¬ 
ing.  Saul  Klein,  vice  president  of  marketing 
with  Skype,  says  25  percent  to  30  percent  of 
its  customers  use  the  application  for  busi¬ 
ness.  In  the  corporate  environment,  Skype 
poses  some  security  risks  (see  below).  But 

companies,  especially 


Paul  Tang,  chief 
medical  information 
officer  with  the  Palo 
Alto  Medical  Founda¬ 
tion,  allows  managers 
to  use  PDAs  to  read 
e-mail  that  isn’t 
patient-related. 


small  ones,  that  are 
more  focused  on  cost 
savings  than  security 
may  be  willing  to  take 
that  risk.  Even  CIOs  at 
some  larger  companies 
such  as  Greif,  a  maker 
of  industrial  packag¬ 
ing  products,  report 


68  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  BY  SHANNON  MCINTYRE 


I.T.  NIGHTMARES 

TRULY  CHILLING  TALES  FROM  AN  INFRASTRUCTURE  THAT’S  OUT  OF  CONTROL!!! 


wm. 


i 


Network  One 


.NIGHTMARE  #1 


_The  office  is  buried  in  quicksand — infrastru 
quicksand!  Our  indecision  about  how  to  move  t 
oriented  architecture  is  sinking  us.  How  do  v 
Can  we  reuse  what  we  have?  Can  we  integrate  c 
apps  like  SAP  and  Oracle?  We’re  sinking  fast! 


Safeil S: 


V 


i 


V 


■ 

'  • v  •  -'^:  ■■■ 

%:  ■  -  .  ■  ■ 

y-S&i  M 

.  ■  f  ■ 


c;  \Zs>jrJf  x*Mft 

■  .-  -.-  v.  •,  •  • 

: 

■ 


NIGHTMARE  #2:  10:33  a. m. 


_I  feel  like  I’m  being  chased  by  a  relentless  horde 
of  regulators.  It  must  be  these  compliance  regulations. 
They’re  killing  us!  Audits.  Inconsistencies.  Processes. 
Time.  Money. 


_RUN,  GIL,  RUUUUUN !  Gil,  you  have  to  run  faster  than 
a  power  walk! 


.NIGHTMARE  #3:  12:05  p.m. 


_Our  lack  of  productivity  is  out  of  control!  No  one 
can  get  anything  done.  What  we’re  using  isn’t  working. 
Gil  s  had  enough.  He  moved  everyone  into  one  cubicle 
so  people  would  be  forced  to  collaborate.  He  calls  it 
a  collaboration  cubicle.  Hey,  who  sat  on  my  sandwich? 
That’s  not  funny,  my  mom  made  that  for  me. 


VV 


3 


tv 


V  '. 


R 


■V 


w\s 


<X1* 


o; 


r-. 


."-^h  V'vT  •>' 


s*%.  v» 


'  •■  It*  .'  ^  • 


\ 


_NIGHTMARE  #4:  3:47  p.m. 

_The  I.T.  nightmares  never  seem  to  end.  The  business 
is  literally  splitting  apart.  I.T.  isn’t  in  sync  with 
the  suits.  No  one’s  sure  what  they  need  to  do.  It’s 
totally  out  of  control! 

_Gil  fell  into  the  crack.  I  had  to  dive  in  with  a  GPS 
device  and  a  hundred  feet  of  rope  to  rescue  him. 


/ 


IBM,  the  IBM  logo,  WebSphere,  Rational,  Tivoli,  Lotus,  Notes  and  Domino  are  registered  trademarks  or  trademarks  of  International 
Business  Machines  Corporation  in'  the  United  States  and/or  other  countries.  SAP  is  a  registered  trademark  of  SAP  AG  in 
Germany  and  in  several  other  countries.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  Linux  is  a 
registered  trademark  of  Linus.  Torvalds  in  the  United  States,  other  countries,  or  both.  Java  and  all  Java-based  trademarks  are 
trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States,  other  countries,  or  both.  ©2006  IBM  Corporation.  All  rights  reserved. 


.NIGHTMARE  #5:  5:02  p.m. 


_Xn  this  one,  I  come  in  and  find  a  black  hole  has 
appeared  in  the  office.  Information  goes  in  but  doesn’t 
come  out.  Then  the  black  hole  sucks  in  three  interns. 

HR  is  not  pleased. 


_5 : 29  p.m. 

_But  that’s  all  behind  us  now.  I  took  back  control  with 
IBM  middleware.  It’s  a. . .uh. . .dream  come  true. 


Control  costly  indecision  with  IBM  WebSphere 
middleware.  It  lets  you  build  a  service  oriented 
architecture  at  your  own  pace.  Adapters  provide  a 
standardized  approach  to  integrating  apps  from  SAP, 
Oracle  and  others.  And  WebSphere  lets  you  reuse 
what  you  have,  saving  time  and  money  IBM  has 
already  helped  thousands  of  customers  build  an  SO  A. 


Control  regulatory  nightmares  with  IBM  Tivoli 
middleware.  It  automates  system  administration  to 
standardize  compliance  policies.  It  centralizes 
processes  to  minimize  the  challenge  of  supporting 
new  and  ever-changing  regulations.  And  it  helps 
pinpoint  security  issues  before  they  become  problems 
and  maintains  business  integrity. 

Control  lackluster  collaboration  with  IBM 
Lotus ®  /Votes®  and  Domino ?  It’s  more  than  email-it's 
an  open  platform  designed  for  collaboration.  It  has 
proven  security  features  and  productivity  enhancers 
like  document  sharing  and  custom  app  development. 
And  it’s  easy  to  deploy  and  flexible  enough  to  integrate 
across  multiple  platforms  including  J2EE  ™  and  Linux  ® 

Control  out-of-sync  software  development 

with  IBM  Rational.  It  helps  you  manage  all  your 
development  teams.  Ensures  your  software  is  in 
compliance,  and  implements  a  service  oriented 
architecture.  With  Rational,  everyone  knows  their  job 
and  works  together.  And  your  development  process  is 
governed  and  aligned  with  your  business  goals. 

Control  untamed  information  with  IBM  Information 
Management  middleware.  Built  on  open  standards, 
it’s  scalable,  modular  and  seamlessly  unites  all 
your  critical  information,  whatever  the  source.  More 
than  that,  it  gives  your  information  real  business 
value,  allowing  you  to  use  it  in  innovative  ways  to 
help  spur  growth. 


TAKE  BACK  CONTROL  WITH  THE  ENTIRE  PORTFOLIO  OF  IBM  MIDDLEWARE. 


WebSphere  Tivoli 


Lotus. 


Rational  Information  Management 


IBM.COM/TAKEBACKCONTROL/MIDDLEWARE 


call  for  entries 


Nominees  shouk 
currently  be  top  IT 
lieutenants— but  not 
yet  full-fledged  CIOs. 

Visit  www.cio.com/awards/watch 

today  to  apply. 


Presented  by  CIO  magazine  and  the  CIO  Executive  Council. 


Candidates  will  be 
nominated  by  their  CIO  based 
upon  the  characteristics 
identified  in  the  application  at 
www.cio.com/awards/watch. 
Candidates  may  also  nominate 
themselves  or  be  nominated 
by  another,  but  all  nominations 
must  be  endorsed  by  a  CIO. 

A  panel  of  leading  CIOs  will 
judge  the  nominees  and 
choose  the  winners,  who  will 
be  featured  in  a  special 
May  2007  issue  of  CIO. 


Winners  will  also  be 
honored  at  the  third  annual 
CIO  Leadership  Conference 

to  take  place  April  29-May  1  at 
the  Hyatt  Huntington  Beach  in 
Huntington  Beach,  California. 


Business 

Technology 

Leadership 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


rg;  We  will  accept 
nominations  from  Sept.l 
through  Nov.  15.  For  more  about 
this  prestigious  award,  go  to 

www.cio.com/awards. 


Emerging  Technology 


that  they  are  willing  to  test  Skype  and  aren’t  overly  concerned 
with  potential  security  risks. 

The  risks:  As  with  any  application  exposed  to  the  Internet, 
“the  potential  that  some  flaw  will  be  discovered  that  would  enable 
an  attacker  to  either  gain  control  of  or  disrupt  a  Skype  user’s  com¬ 
puter  or  mobile  device  is  real,”  notes  Lazar.  (In  general,  VoIP  can 
pose  a  security  risk  because  calls  travel  over  data  lines  that  may 
be  vulnerable  to  Internet  worms  and  viruses.) 

These  risks  are  magnified  in  the  case  of  Skype  because,  unlike 
with  enterprise  VoIP  systems  from  vendors  such  as  Cisco  and 
Avaya,  there’s  no  way  to  track  who  is  using  Skype  or  how  it  is 
being  used.  That’s  because  it  can  be  downloaded  and  installed  by 
employees  themselves. 

Finally,  Skype  can’t  log  and  monitor  phone  calls,  so  companies 
that  have  to  track  calls  for  compliance  purposes  may  want  to  avoid 


it.  Pharmaceutical  company  Novartis  has  banned  it,  and  schools 
including  Oxford  University  and  the  University  of  Minnesota  have 
issued  warnings  against  using  Skype. 

Minnesota’s  Cawley  also  discourages  using  Skype  because  of 
the  security  risks.  He  worries  about  the  capability  for  Skype  users 
with  a  public  IP  address  to  become  “supernodes,”  acting  as  hubs 
that  route  calls  for  other  users.  In  the  meantime,  he  suggests  that 
users  pick  another  VoIP  service,  such  as  Free  World  Dialup,  which 
has  clients  for  Windows,  Mac  OS  X  and  Linux.  And  although  stu¬ 
dents  and  faculty  can  use  Skype  if  they  choose,  they  are  asked  to 
turn  the  application  off  when  they  are  done  calling.  “If  we  do  see  a 
problem  with  Skype,  we  may  go  ahead  and  block  it,”  says  Cawley. 

Desktop  Search 

What  it  is:  A  free  tool  offered  by  Google,  MSN,  Yahoo  and  oth¬ 
ers  that  allows  users  to  quickly  search  the  contents  of  their  hard 
drives.  The  latest  version  of  Google  Desktop  can  also  be  used  to 
share  files  between  computers.  Users  download  the  tool,  which 


indexes  everything  on  their  hard  drives  in  the  same  way  that 
Google  indexes  the  Web.  The  software  can  be  set  to  return  results 
on  e-mail,  text  files,  spreadsheets,  photos,  PDFs  and  more. 

Business  benefits:  Desktop  search  can  make  work  easier  and 
increase  productivity,  especially  for  employees  in  industries  such 
as  biotechnology  who  need  to  find  technical  information  quickly 
to  do  their  jobs.  Palo  Alto  Medical  Foundation’s  Tang  says  that 
even  though  initially  he  had  concerns  about  the  security  and  pri¬ 
vacy  implications  of  desktop  search,  it  can  be  a  valuable  tool  if 
users  know  how  to  protect  their  information. 

Tang  and  other  CIOs  see  desktop  search  applications  growing 
in  popularity,  and  they  are  putting  together  policies  to  determine 
when  these  tools  can  be  used.  Chris  Holbert,  CIO  at  Launchpad 
Communications,  which  operates  an  inbound  sales  call  center  in 
Los  Angeles,  says  he  currently  sees  no  business  need  for  desktop 

search.  However,  Holbert  worked  for  seven 
years  as  head  of  IT  at  a  biotech  firm,  where 
researchers  made  frequent  use  of  a  custom¬ 
ized  desktop  search  tool.  Even  some  CIOs 
who  currently  ban  desktop  search  appli¬ 
cations  say  they  are  preparing  for  the  day 
when  they  might  have  to  change  their  posi¬ 
tion.  “Desktop  search  seems  to  have  a  lot  of 
momentum  and  we  won’t  be  able  to  ignore 
it,”  says  James  Kritcher,  VP  of  IT  at  White 
Electronic  Designs. 

The  risks:  Company  data  may  be 
exposed  inadvertently.  Once  the  tool  is 
installed  and  files  are  indexed,  a  snoop  can 
theoretically  search  someone’s  hard  drive 
for  information.  At  PAMF,  Tang  went  out 
of  his  way  to  help  users  understand  how 
to  make  sure  that  sensitive  data  doesn’t 
get  indexed,  but  freewheeling  users  may  not  always  pay  atten¬ 
tion.  Google’s  desktop  search  software  also  has  a  feature  that 
lets  users  search  for  content  on  multiple  computers.  The  “search 
across  computers”  feature  stores  copies  of  PDFs,  Word  files, 
spreadsheets  and  other  documents  on  Google  servers.  In  theory, 
Kritcher  points  out,  storing  documents  even  temporarily  on  an 
external  server  could  expose  a  company  to  litigation  for  violating 
its  privacy,  security  or  document  retention  policies. 

Handheld  Devices 

What  they  are:  Pagers,  cell  phones,  iPods  and  PDAs  have  been 
around  long  enough  that  plenty  of  companies  sanction  them  for 
everyday  work  (think  BlackBerry).  The  devices  are  becoming  so 
entrenched  in  daily  life  that  lots  of  people  (including  you,  prob¬ 
ably)  bring  their  own  devices  from  home  too. 

Business  benefits:  While  at  many  companies  handheld 
devices  are  disdained  as  providing  little  more  than  a  distraction 
during  meetings,  early  adopters  of  the  technology  on  an  enterprise 


"Consumer  technologies  are 
useful  and  powerful— and  difficult 
to  regulate.  You  have  to  be  careful 
and  conscientious  about  how 
you  use  them.” 


70  OCTOBER  15,  2006  |  www.cio.com 


Autonomy:  Acknowledged  by  Industry  Analysts 
as  the  ‘Clear  leader  in  Enterprise  Search’ 


More  than  80%  of  all  information  inside  an  enterprise  is  now  unstructured  and  this  ‘human-friendly’  information  is 
difficult  for  computers  to  understand  and  use.  That  is,  until  now. 

Autonomy  solves  this  problem. 

Autonomy’s  unique  software  enables  computers  to  understand  the  ideas  contained  in  unstructured  information 
including  emails,  web  pages,  video,  and  audio  -  automatically  and  in  real-time.  Find  out  how  your  enterprise  can 
transform  this  content  into  valuable,  actionable  information  without  human  intervention. 

To  learn  more  about  why  Autonomy  is  the  clear  leader  in  Enterprise  Search,  visit  us  at  www.Autonomy.com  or  call  us 
at  1-877-243-9955. 


|  Copyright  ©  2006  Autonomy.  All  rights  reserved. 

1  Other  trademarks  are  registered  trademarks  and  the  properties  of  their  respective  owners 

i 

; 


Emerging  Technology 


scale  use  them  for  more  than  idle  chat  or  diversion.  A  doctor  in 
Geneva,  for  example,  has  reportedly  devised  a  software  program 
that  allows  physicians  to  view  medical  images  on  their  iPods. 

At  Mintz  Levin,  IS  director  Pretorius  is  testing  a  proposal  from 
an  associate  suggesting  that  the  firm  build  a  podcast  library  of 
attorneys’  legal  presentations.  Some  managers  at  the  PAMF  use 
PDAs  to  read  e-mail  that  is  not  patient-related,  look  up  informa¬ 
tion  about  drugs  and  check  medical  protocols. 

The  risks:  Mobile  phones  and  PDAs  are  usually  not  pass¬ 
word  protected;  therefore,  companies  risk  compromising  corpo¬ 
rate  data  if  it  is  downloaded  onto  the  devices.  The  same  goes  for 
iPods,  which  can  be  used  as  backup  storage  devices.  Data  security 
standards  set  by  the  Payment  Card  Industry  Security  Standards 
Council  could  prohibit  most  pagers  and  cell  phones  from  being 
used  in  offices  where  information  about  cardholders  is  known  by 
employees,  such  as  in  call  centers  or  at  e-commerce  sites. 

Mashups 

What  they  are:  Mashups  are  applications  that  combine  data 
from  two  or  more  online  sources  and  run  within  a  Web  browser. 
Think  of  mashups  as  Web  services  lite.  Mashups  were  born  a 
little  more  than  a  year  ago  when  Paul  Rademacher,  an  anima¬ 
tion  expert  at  Dreamworks,  created  HousingMaps.com,  which 
merged  Craigslist  and  Google  Maps  to  help  people  locate  real 
estate  listings.  Since  then,  mashups  have  gained  ground  among 
developers;  there’s  competition  to  create  the  most  innovative 
applications.  One  of  the  most  talked  about  mashups  is  the  combi¬ 
nation  of  Google  Maps  and  the  CRM  application  Salesforce.com. 

Business  benefits:  Mashups  offer  faster  and  easier  integra¬ 
tion  of  some  services  than  may  be  possible  using  Web  services 
within  a  service-oriented  architecture  (SOA).  Mashups  are  less 
complex,  and  developers  concern  themselves  less  about  com¬ 
plying  with  technical  standards  because  the  applications  are 
browser-based,  according  to  consultant  Dion  Hinchcliffe,  presi¬ 
dent  and  CTO  with  Hinchcliffe  &  Co. 

One  way  mashups  are  making  inroads  into  the  enterprise  is 
when  corporate  developers  adopt  the  mashup  approach  for  inte¬ 
grating  data  internally,  says  John  Musser,  a  consultant  who  oper¬ 
ates  the  website  Programmableweb.com.  Investment  management 
company  T.  Rowe  Price,  for  example,  has  combined  data  from  mul¬ 
tiple  applications  in  order  to  simplify  its  call  center  systems.  Kirk 
Kness,  VP  of  architecture  and  strategy  at  the  company,  says  he 
prefers  to  call  the  development  technique  “composite  applications,” 
because  “the  term  mashup  implies  that  we  might  be  winging  it,  and 
we’re  not  doing  that.”  Kness  and  his  team  are  using  portal  software 
from  IBM  and  Ajax,  a  development  methodology  for  generating 

interactive  Web  appli¬ 
cations. 

Meanwhile,  IBM  is 
working  on  a  proj¬ 
ect  called  QEDWiki 
(so  called  because  it 
uses  wikis,  a  tool  that 


allows  multiple  users  to  edit  a  webpage)  that  is  designed  to  let 
businesspeople  create  their  own  webpages  by  dragging  informa¬ 
tion  from  both  private  and  public  websites.  Using  QEDWiki,  an 
employee  could  integrate  weather  data,  information  from  an  ERP 
system  and  the  location  of  company  facilities  in  a  single  webpage. 

“Companies  have  been  wrestling  with  integration  for  decades,” 
says  Musser.  “Mashups  offer  a  whole  new  level  of  power  and 
sophistication  that  comes  for  free.” 

The  risks:  These  applications  can  have  a  lot  of  security  holes. 
Some  mashups  that  use  Ajax  scripts,  for  example,  expose  their 
code  in  the  browser,  which  may  allow  the  mashups  to  be  used 
maliciously.  What’s  more,  passwords  for  accessing  components 
of  a  mashup  may  also  be  exposed  in  the  browser,  putting  the 
underlying  services  at  risk.  Hinchcliffe  says  that  many  mashups 
pull  code  in  live  from  the  Web  (think  of  any  service  using  Google 
Maps)  and  run  without  being  previously  tested.  The  danger 
there,  he  says,  is  that  the  code  from  an  underlying  source  could 
change  the  next  time  the  mashup  is  loaded,  and  users  won’t  know 
what’s  in  it. 

How  to  Manage  the  Consumer  IT  Invasion 

There  are  several  steps  CIOs  can  take  to  manage  consumer  tech¬ 
nologies  as  they  make  their  way  into  the  enterprise: 

►  Find  out  what’s  happening.  By  determining  which  consumer 
technologies  are  popular  with  employees  and  why  they  want  to  use 
them,  IT  leaders  can  figure  out  the  best  ways  to  adapt  them  inter¬ 
nally.  Some  technologies  that  have  taken  off  on  the  consumer  side 
already  have  offshoots  better  suited  for  enterprise  use.  For  exam¬ 
ple,  Google  Desktop  3  for  Enterprise,  currently  in  beta,  allows 
administrators  to  disable  features  they  don’t  want  employees  to 
use.  XI  Technologies,  which  has  partnered  with  Yahoo,  offers  a 
competing  enterprise  search  tool. 

►  Identify  and  mitigate  risks.  If  employees  need  a  particular  tech¬ 
nology  to  do  their  work,  companies  might  need  to  shore  up  their  net¬ 
work  security  or  add  bandwidth  to  support  it.  If  a  company  allows 
the  use  of  Skype,  for  example,  it  will  want  to  block  unsolicited  incom¬ 
ing  connections  to  Skype  clients  to  discourage  malicious  activity. 

►  Govern  usage.  If  you’re  going  to  ban  an  application,  set  up 
controls  to  prevent  it  from  slipping  in.  Among  the  options:  iden¬ 
tity  management  systems,  network  access  controls  and  intrusion 
prevention.  “Rather  than  trying  to  create  a  secure  perimeter  and 
keep  the  consumer  technology  out,  you  should  assume  a  hostile 
environment  and  drive  security  deeply  and  broadly  into  every¬ 
thing  you  do,”  says  Gartner  analyst  David  Smith. 

If  you’re  open  to  experimentation,  make  sure  users  know  how  far 
they  can  go.  “You  don’t  want  to  lose  control  with  what’s  happening 
on  your  network,”  says  Mintz  Levin’s  Pretorius.  “But  at  the  same 
time  you  don’t  want  to  stifle  creativity  and  innovation.  Balancing  the 
concerns  and  benefits  related  to  consumer  technologies  is  a  constant 
battle,  but  I  see  it  as  a  major  part  of  my  job  going  forward.”  BQ 


Susannah  Patton  is  a  writer  based  in  California.  To  comment  on  this 
article,  go  to  the  online  version  at  www.cio.com/101506. 


Consumer  IT  in  the  Enterprise 


Senior  Writer  Ben  Worthen  blogs  about 

WHY  CONSUMER  I.T.  IS  BETTER  in  Net 

Effect.  Find  his  postings  online  at  www 
.cio. com/101506.  CIO.COITl 


72  OCTOBER  15,  2006  |  www.cio.com 


Sometimes  it's  easy  to  overlook  the  obvious.  GoldMine  is 
one  of  the  best-known,  most  trusted  CRM  solutions  on 
the  market.  More  than  130,000  companies  have  selected 
GoldMine  CRM  to  optimize  their  customer  interactions 
and  create  customers  for  life,  including:  50%  of  the 
Fortune  500  and  76%  of  the  FTSE  100  in  80  vertical 
markets  in  more  than  40  countries. 

GoldMine  software's  capabilities  continue  to  grow  and 
evolve.  Our  Corporate  Edition  gives  you  powerful  new 
tools  to  boost  sales  productivity,  customer  satisfaction, 
and  revenue,  including: 


GoldMine.^ 

It's  all  here:  enterprise-class  features,  quick  time-to-value, 
modular  features  so  you  pay  only  for  what  you  need, 
integration  with  other  leading  products  and  technologies, 
and  a  price  point  that  blows  away  competitive  products. 

So  if  you  haven't  looked  at  GoldMine  lately,  look  again. 
We'll  grow  with  you. 


•  Interaction  management 

•  Voice-over-IP  services 

•  Business  intelligence 

•  Wireless  mobile  device  access 


Take  a  Closer  Look 

Visit  www.frontrange.com/im 


and  download  our  brochure 


FrontRange 

SOLUTION  S*-* 


Get  Out  in  Front 


Copyright  ©  2006  FrontRange  Solutions  USA  Inc.  All  rights  reserved.  GoldMine,  HEAT  and  other  FrontRange  Solutions 
products,  brands  and  trademarks  are  property  of  FrontRange  Solutions  USA  Inc.  and/or  its  affiliates  in  the  United  States 
and/or  other  countries.  Other  products,  brands  and  trademarks  are  property  of  their  respective  owners/companies. 


And  our  new  Enterprise  Edition  adds  even  more 
sophisticated  functionality,  including: 

•  Configurability  at  all  levels:  fields,  forms, 
relationships,  and  more 

•  Enterprise  workflows  and  reporting 

•  Web  client  or  smart  client  delivery  options 


and  our  white  paper 
about  Interaction 
Management. 


IVtid-Market  |  Compliance 


CIOs  are  still  strugglingto  comply 
with  HIPAA’s  10-year-old  medical  privacy 
regulations.  And  the  smaller  the  healthcare 
organization,  the  harder  the  task. 


_  B  Y  S 

Tn 

||M|  2001,  Ron  Uno,  manager  of  information  manage- 
■MLi  aflki  ment  at  Kuakini  Health  Systems,  made  the  deci¬ 
sion  to  move  his  hospital’s  medical  records  system  from  paper  to  computers. 
The  main  motivation  for  the  costly,  multiyear  project?  The  Health  Insurance 
Portability  and  Accountability  Act,  or  HIPAA,  the  then  five-year-old  federal 
law  that  sets  standards  for  protecting  the  security  and  privacy  of  American 
medical  records.  If  the  hospital  had  an  electronic  medical  records  (EMR) 
system,  Uno  reasoned,  it  would  be  easier  to  monitor  who  was  accessing  sensi¬ 
tive  patient  information  and  to  comply  with  the 
law’s  privacy  and  security  regulations. 

Five  years  later,  Uno  is  halfway  through 
implementing  an  EMR  system.  He  estimates 
that  Kuakini,  a  nonprofit  with  $275  million  in 
revenue  that  operates  a  250-bed  hospital  and  a 
200-bed  long-term  care  facility  in  Honolulu, 


Reader  ROI 

::  Why  HIPAA  compliance 
is  the  exception,  even 
though  it’s  a  rule 


Tips  for  containing 
compliance  costs 


U  S A  N  N  A  H  PATTON 


has  spent  $10  million  to  $15  million 
on  implementing  the  system  and 
other  technologies  to  help  it  comply 
with  HIPAA.  “Even  though  we’re  a 
small  hospital,  we’re  trying  to  com¬ 
ply  as  much  as  we  can,”  says  Uno, 
who  is  closing  in  on  full  HIPAA  com¬ 
pliance,  though  he’s  not  there  yet. 

The  Long,  Hard  Road  to 
Compliance 

A  decade  after  HIPAA  was  signed  into 
law,  CIOs  like  Uno  are  still  struggling 
to  comply  with  its  provisions.  Some 
lack  the  resources  to  fully  meet  the 


74  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  BY  DANA  EDMUNDS 


HIPAA  helped  drive  the  decision  to  move 
patient  data  from  paper  files  to  an  elec¬ 
tronic  medical  records  system,  says 
Ron  Uno,  manager  of  information 
management  at  Kuakini  Health  Systems. 


m  j 

& 

-§m 

Mid-Market 


Compliance 


requirements  of  this  complex  set  of  rules; 
others  seem  to  feel  little  need  to  hurry  since 
the  federal  government  has  not  aggressively 
enforced  the  law.  So  it  comes  as  no  surprise 
to  learn  that  HIPAA  compliance  rates  appear 
to  be  slipping. 

Fewer  hospitals  and  healthcare  facili¬ 
ties  are  fully  complying  with  the  law  this 
year  than  in  2005,  according  to  a  recent 
survey  by  the  American  Health  Informa¬ 
tion  Management  Association  (AHIMA),  a 
professional  organization  for  health  infor¬ 
mation  executives.  And  more  than  one- 
quarter  of  U.S.  security  executives  whose 
organizations  need  to  be  HIPAA-compli- 


ant  admit  that  they  are  not,  according  to 
“The  Global  State  of  Information  Security 
2006,”  a  study  released  last  month  by  CIO 
and  PricewaterhouseCoopers. 

These  findings  stand  in  sharp  contrast 
to  the  billions  of  dollars  invested  by  health¬ 
care  CIOs  in  technologies  to  protect  medi¬ 
cal  records,  including  EMRs,  firewalls, 
remote  monitoring  systems,  intrusion 
detection,  auditing  software  and  encryp¬ 
tion  programs.  HIPAA  compliance  rates 
declined  across  institutions  of  all  sizes,  but 
specialists  say  the  problem  is  most  acute 
at  small  to  midsize  hospitals  with  their 
limited  budgets.  “Smaller  hospitals  with 


thinner  margins  and  smaller  IT  budgets 
will  have  a  more  difficult  time  being  com¬ 
pliant,”  says  Gartner  analyst  Robert  Booz. 

There  is  no  question  that  HIPAA  has 
made  patient  information  more  secure.  It 
also  accelerated  adoption  of  healthcare  IT 
systems  nationwide,  an  evolution  that  is 
boosting  efficiency  while  reducing  medi¬ 
cal  errors.  Getting  there,  however,  hasn’t 
been  easy. 

Asif  Ahmad,  CIO  and  VP  of  diagnostic 
services  at  Duke  University  Health  System, 
says  that  HIPAA  compliance  has  created 
extra  burdens,  even  for  large  healthcare 
organizations  such  as  his  own.  “I  can’t  imag¬ 
ine  a  community  hospital  coming  up  with  all 
of  these  resources,”  he  says. 

Uno  agrees  that  it  is  harder  for  smaller 
organizations  to  secure  the  resources  and 
support  to  fully  comply  with  HIPAA.  But 
it  can  be  done.  Uno  sold  his  senior  man¬ 
agement  team  on  the  importance  of  com¬ 
pliance  by  stressing  that  failure  to  meet 
HIPAA  requirements  could  lead  to  privacy 
breaches.  “No  one  wants  to  be  the  scape¬ 
goat  for  a  privacy  breach,”  he  says. 

TheSilent  Crisis 

HIPAA  was  introduced  in  1996  as  a  broad 
measure  designed  to  protect  confidential¬ 
ity  and  security  of  health  data.  It  called 
on  the  Department  of  Health  and  Human 
Services  to  standardize  electronic  patient 
health  and  financial  data  and  to  set  secu¬ 
rity  standards  to  protect  “individually 
identifiable  health  information.”  The  law, 
which  applies  to  all  healthcare  providers 
and  health  plans,  as  well  as  insurers,  tech¬ 
nology  vendors  and  universities,  put  in 
place  a  series  of  mandates  and  deadlines. 
Perhaps  the  most  important  to  healthcare 
CIOs  were  the  privacy  rules,  which  took 
effect  in  April  2003,  and  the  security  rule, 
which  had  an  April  2005  deadline. 

While  HIPAA  offers  a  framework  for 
how  healthcare  organizations  need  to  safe¬ 
guard  data,  it  does  not  provide  recommen¬ 
dations  for  specific  technologies  to  do  the 
job.  This  lack  of  detail  meant  that  health¬ 
care  CIOs  scrambled  in  the  early  years  to 
get  ready  for  the  deadlines.  They  invested 
in  hardware  and  software,  in  addition  to 
training  staff  on  safe  ways  to  access  and 
transmit  personal  health  data. 


76  OCTOBER  15,  2006  |  www.cio.com 


PHOTO  BY  CLAUDIO  VAZQUEZ 


Small  Workgroup  Office 


*  Corporate  Office 


*  Branch  Office 


^Road-Warrior  Hwrie  Ml 

Take  cost  out  of  your  business  and  increase  productivity. 


P^lff ^ 


No  matter  where  you  do  business. 


Comprehensive  selection 
Increased  productivity 
Lower  acquisition  costs 
^  Reduced  consumable  costs 
^  24/7/365  support  and  service 
>•  Free  evaluation  program 


Mobile  Printing  Solutions  Labeling  Solutions 


Desktop  Laser  Solutions  Color  Laser  Solutions 


Brother  Printer,  Fax  and  Multi-Function  Center®  models  — 
designed  to  increase  productivity  while  decreasing  overhead. 

Considering  that  over  94%  of  Fortune  1000  company  employees  work 
outside  corporate  headquarters*,  equipping  them  with  a  cost-effective 
solution  is,  to  say  the  least,  a  major  challenge. 

That's  why  Brother's  Commercial  Division  is  committed  to  providing 
superior  and  reliable  imaging  solutions  that  increase  productivity  while 
reducing  costs.  This  enables  businesses  like  yours  to  effectively  address 
critical  organizational  goals  and  challenges. 

But  it  is  our  product  reliability,  coupled  with  a  responsive  nationwide 
support  and  service  network,  that  has  companies  like  yours  putting  Brother 
at  the  top  of  their  requisition  lists. 

Brother's  Commercial  Division  welcomes  the  opportunity  to  put  our 
resources  to  work  for  you.  Contact  us  today  so  we  can  show  you  how  we 
can  positively  impact  your  bottom  line  while  enhancing  your  performance. 


Network  Printer  Solutions  Fax  Solutions 


For  more  information,  call  1-866-455-7713. 

‘Purchase  Influence  in  Larger  American  Businesses  ( Erdos  &  Morgan,  2001). 


©  2006  Brother  International  Corporation,  Bridgewater,  NJ  •  Brother  Industries  Ltd.,  Nagoya,  Japan 
For  more  information  visit  our  Web  site  at  www.brother.com 


Mid-Market 


Compliance 


More  recently,  however,  the  focus  has 
shifted  away  from  compliance,  say  special¬ 
ists.  “The  healthcare  industry  has  spent 
billions  on  HIPAA  compliance,  and  now 
what  we’re  seeing  is  HIPAA  fatigue,”  says 
Gartner’s  Booz. 

Nearly  39  percent  of  hospitals  and 
health  systems  reported  full  privacy  com¬ 
pliance  this  year,  according  to  AHIMA, 
which  surveyed  1,117  healthcare  privacy 
officers  and  others  whose  jobs  relate  to 
HIPAA  privacy.  That’s  up  from  23  percent 
in  2004.  However,  the  number  of  those 


A  HIPAA 
Loophole? 


who  believe  they  are  more  than  85  percent 
compliant  dropped  to  85  percent  in  2006, 
down  from  91  percent  in  2005.  (For  more 
information,  read  the  full  AHIMA  report, 
“The  State  of  HIPAA  Privacy  and  Security 
Compliance.”  Find  a  link  to  the  report  at 
www.  cio.  com/101506.) 

“This  is  not  a  crisis,  but  more  of  a  silent 
erosion  of  HIPAA  compliance,”  says  Dan 
Rode,  VP  of  policy  and  government  relations 
at  AHIMA.  “It’s  a  wake-up  call.” 

After  the  rush  to  implement  privacy 
and  security  systems,  he  says,  many 
institutions  now  report  that  support  and 
resources  from  healthcare  organizations 
are  declining  in  the  face  of  budget  con¬ 
straints.  Also  troubling  to  some  privacy 
advocates  is  what  they  see  as  the  federal 


government’s  generally  lax  attitude  toward 
HIPAA  enforcement. 

According  to  the  Health  and  Human 
Services  Office  of  Civil  Rights,  which 
enforces  the  law,  more  than  22,000  griev¬ 
ances  have  been  lodged  since  the  HIPAA 
privacy  rule  took  effect  in  2003.  Most  have 
to  do  with  personal  medical  information 
being  wrongly  revealed.  The  government 
has  closed  75  percent  of  these  cases,  either 
ruling  that  there  was  no  violation  or  no 
jurisdiction,  or  after  ensuring  that  hospi¬ 
tals,  health  plans  or  doctors’  offices  had 
fixed  violations.  To  date,  no  fines  have  been 
assessed  by  the  department.  Out  of  339 
complaints  referred  to  the  Justice  Depart¬ 
ment  for  possible  criminal  prosecutions 
since  the  privacy  Continued  on  Page  82 


Privacy  rules  don’t  always  cover  popular  personal  health  records 


In  1999,  WebMD  started  offering  an  online  “personal  health 
record,”  or  PHR,  to  help  consumers  record,  store  and  transport 
their  medical  information  to  any  doctor  or  hospital.  Today,  the 
$168  million  provider  of  online  healthcare  information  works  with 
clients  such  as  Microsoft,  Starbucks  and  health  benefits  com¬ 
pany  Wellpoint  to  gather  employee  health  information  and  import 
insurance  claim  data  into  the  personal  digital  records. 

PHRs  offer  numerous  advantages.  For  example,  Microsoft 
employees  can  go  to  their  company’s  healthcare  portal  to  con¬ 
duct  online  health  risk  assessments  and  create  personal  health 
records.  They  can  also  find  healthcare  providers  in  their  area  and 
some  even  have  the  ability  to  incorporate  information  from  labs 
and  other  sources  into  their  record.  Over  the  past  several  years, 
smaller  companies  including  FollowMe,  Laxor  and  Medem  have 
sprung  up  to  offer  similar  services.  PHRs  are  not  replacing  EMRs 
but  they  are  growing  in  popularity,  especially  since  large  corpora¬ 
tions  have  started  offering  them  to  employees. 

As  interest  in  PHRs  grows,  however,  some  doctors  and 
privacy  advocates  question  whether  such  digital  repositories 
are  covered  by  federal  privacy  regulations.  “Organizations 
that  operate  the  PHR  may  not  be  covered  by  HIPAA,”  says  Paul 
Tang,  VP  chief  medical  information  officer  at  Palo  Alto  Medical 
Foundation.  “The  people  who  own  the  databases  that  hold  your 
medical  records  are  not  regulated  by  HIPAA  in  terms  of  what 
they  do  with  the  data."  Tang’s  concern  is  that  third-party  PHR 
providers  are  not  technically  governed  by  HIPAA  so  they  don't 
have  to  comply  with  it,  even  though  many  say  they  do. 

A  spokesman  for  the  Department  of  Health  and  Human  Ser¬ 
vices  acknowledges  that  PHRs  are  not  technically  covered  by 
HIPAA.  However,  organizations  that  maintain  PHRs  and  are  them¬ 


selves  covered  under  HIPAA  (health  plans  and  healthcare  provid¬ 
ers,  for  example)  are  subject  to  compliance.  But  certain  types  of 
entities  that  provide  PHRs  may  not  be  covered  by  HIPAA.  HHS  is 
examining  privacy  and  security  issues  related  to  PHRs,  and  consid¬ 
ering  what  steps  need  to  be  taken. 

Craig  Froude,  WebMD’s  executive  vice  president  of  health  ser¬ 
vices,  says  PHRs  are  private  and  secure  because  the  companies 
that  WebMD  works  with  are  covered  under  HIPAA.  “We’re  com¬ 
pliant  and  our  clients  are  compliant,”  he  says.  WebMD’s  privacy 
policy  states  that  it  abides  by  HIPAA  guidelines,  even  though  it  is 

not  technically  covered  by  the  reg¬ 
ulation.  This  means  that  WebMD 
agrees  not  to  sell  or  release  per¬ 
sonal  healthcare  information. 

However,  other  PHR  providers 
may  not  have  such  stringent  pri¬ 
vacy  guidelines.  “As  a  consumer, 
you  will  need  to  read  the  privacy 
policy  of  any  group  providing  a 
PHR,"  Froude  says. 

There  needs  to  be  greater 
legal  protection  of  patient  data  in  PHRs,  says  Dan  Rode,  vice 
president  of  policy  and  government  relations  for  the  American 
Health  Information  Management  Association,  a  professional 
organization.  Now,  he  says,  it’s  not  always  clear  whether  the 
data  is  protected  under  HIPAA. 

“People  need  to  have  clear  rights  as  to  who  has  access  to 
their  medical  records,”  Rode  says.  His  organization  is  finishing 
a  position  statement  calling  on  providers  of  PHRs  to  make  it 
clear  who  has  access  to  their  data.  -S.P. 


Third-party 
PHR  providers  aren’t 
technically  governed 
by  HIPAA  so  they 
don’t  have  to  comply 
with  it,  even  though 
many  say  they  do. 


78  OCTOBER  15,  2006  |  www.cio.com 


Knowledge  at  Your  Fingertips 

on  ClO.com’s  White  Paper  Library 

VisittheCIO.com  WhitePaper  Library  for  case  studies 
and  educational  tools,  searchable  by  IT  categories. 


White  Paper  Topics  Include 
»  Business  Continuity 

»  Business  Intelligence 

» IT  Management 

»  Mobile/Wireless 

»  Open  Source 

»  Outsourcing 

»  Privacy  &  Security 

»  SOA/Web  Services 

»  Software 

»  Storage 

»VOIP 


"Home, 


Business 

Technology 

Leadership 


Attend  CIO  magazine’s  fourth  annual  The  Year  Ahead 
conference  and  walk  away  with  actionable  ideas  you  can 
begin  to  implement  right  away.  Understand  the  forces 
driving  business  and  technology,  so  you're  in  a  better 
position  to  help  prepare  your  organization  for  future  growth. 


Forward-looking  CIOs  and  senior  IT  executives  attend  CIO|07  in  order  to: 

►  evaluate  best  business  and  technology  practices 

►  understand  key  social,  economic  and  political  trends 

►  prepare  for  more  effective  CEO  &  business  partner  collaboration 


Sunday,  November  5,  2006 

CIO  Golf  Tournament 

8:00  AM  -  1:30  PM 

Everyone  is  invited  to  join,  so  come  on  out,  have  a  good  time  and  network 
with  some  new  friends.  Underwritten  by  Cingular  Wireless. 

CIO  Executive  Council 
Open  House  3:30  PM  -  5:00  PM 
Join  the  CIO  Executive  Council  staff  to  expand  your  network  of  CIO  peers  and  learn  about  the  current  initiatives, 
including  demos  of  the  IT  Value  Matrix  &  Knowledge  Center  and  Strategic  CIO  Benchmark. 


Welcome  Reception 
6:00  PM  -  7:00  PM 

Enjoy  light  refreshments  and  cocktails  while  you  get  to  know  your  CIO  peers.  Find  out  who’s  “on  their  game” 
with  the  announcement  of  the  CIO  Golf  Tournament  awards. 

Throughout  CIO|07  The  Year  Ahead 

Join  Conversations  &  Make  Connections 

CIO  magazine  and  the  event  staff  will  be  happy  to  help  you  connect  with  the  people  you  most  want  to  meet  during 
any  networking  session. 


Underwriter 


Official  Hosts 


%  cingular 

^  raising  the  bar  ..till 


<bmcsoftware  i  R  i  s  e'  4}  redhat. 

VISUALIZE  INNOVATE  DELIVER* 


:::  BlackBerry 


Symantec.. 


Corporate  Sponsors 


CONSENTRY 

NETWORKS 


CJQD  TECHNOLOGY 

THE  QUERY  DATABASE  COMPANY 


►  Key  Topic  Highlights 

By  attending  these  thought  provoking  sessions  over  CIO’s 
two-day  conference,  senior  IT  executives  will  be  able  to: 

►  discover  how  to  stay  ahead  of  the  trends 

►  learn  how  to  respond  decisively  to  each  major  challenge 

►  interact  with  the  best  strategic  thinkers  in  the  business 


Monday,  November  6,  2006 

8:15  AM -9:15  AM 

KEYNOTE:  Polishing  the  Crystal  Ball:  Predictions  for  the 
Economy 

9:15  AM  -  10:00  AM 

How  the  Next  Generation  Views  and  Uses  Technology 
11:55  AM  -  12:40  PM 

Confronting  Global  Demographics:  Prospering  Despite  a 
Workforce  Shortage 

2:15  PM -3:00  PM 

Working  Better  Together:  The  CEO-CIO  Partnership 
3:00  PM  -  4:00  PM 

Scenario  Planning  For  Disaster:  Interactive  Exercises,  Part  1 
4:15  PM  -  5:30  PM 

Scenario  Planning  For  Disaster:  Interactive  Exercises,  Part  2 

Tuesday,  November  7,  2006 

8:30  AM  -  9:30  AM 

KEYNOTE:  Changing  Your  Business  Model:  The  Message  of  “The 
Long  Tail” 

9:30  AM-  10:15  AM 

When  CIO  Also  Means  Chief  Innovation  Officer 
11:25  AM  -  12:05  PM 

A.  Demographics:  Building  Digital  Cities,  Digital  Citizens 

B.  Technology:  The  Next  Generation  Internet  and  its  Impact 
around  the  World 

12:10  PM  -  12:50  PM 

A.  Demographics:  Going  Green:  The  Role  of  IT 

B.  Technology:  An  Insider’s  Look  at  Emerging  Technologies 

2:20  PM  -  3:05  PM 

FORUM:  Preparing  For  Tomorrow’s  Enterprise  Architecture 
3:05  PM  -  3:50  PM 

KEYNOTE:  Privacy:  The  Road  Ahead 


►  Conference  Speakers 

Conference  Moderator: 

Jonathan  Zittrain,  Professor  of  Internet  Governance  and 
Regulation,  Oxford  University 

Speakers: 

David  Aronoff,  General  Partner,  IDG  Ventures 

Jerry  Bartlett,  CIO,  TD  Ameritrade 

Gary  Beach,  Publisher,  CIO  magazine 

Asheem  Chandna,  Partner,  Greylock  Partners 

Joseph  Franz,  Director,  Information  Technology,  Sales 
and  CRM,  Constellation  Energy 

Kevin  Gallagher,  Ph.  D.,  Assistant  Professor,  College  of 
Business,  Florida  State  University 

Lev  Gonick,  Vice  President  for  Information  Technology 
Services  and  CIO,  Case  Western  Reserve  University 

Radford  Jones,  Academic  Specialist,  School  of  Criminal 
Justice,  Michigan  State  University 

Vince  Kellen,  Vice  President,  Information  Services, 
DePaul  University 

Abbie  Lundberg,  Editor  in  Chief,  CIO  magazine 
Carrie  Mathews,  Program  Manager,  CIO  Executive  Council 
Steve  Novak,  CIO,  Kirkland  and  Ellis  LLP 

Richard  Thomas,  Vice  President  &  CTO,  Quintiles 
Transnational  Corp. 

Brit  Weber,  Specialist,  School  of  Criminal  Justice, 
Michigan  State  University 


Wild  Horse  Pass  Resort  &  Spa 


The  resort  is  located  in  the 
Sonoran  Desert  on  an  expanse  of 
rugged  Arizona  landscape  where 
the  ancient  vistas,  mountains  and 
roaming  wild  horses  remain 
untouched.  A  unique  blend  of  two 
cultures,  the  resort  offers  the 
quiet  serenity  created  by  Native 
American  tribes  who  found 
haven’t  here. 


To  learn  more  and  to  register,  visit 
www.cio.com/cio07_2006 


Mid-Market  I  Compliance  Continued  from  Page  78 


rule  took  effect,  only  two  have  been  pros¬ 
ecuted  fully  under  HIPAA. 

Unlike  those  who  have  run  afoul  of  Sar- 
banes-Oxley,  HIPAA  violators  have  not 
faced  high-profile  prosecutions  that  would 
encourage  compliance.  “There  haven’t  been 
any  ‘perp  walks’  before  news  and  televi¬ 
sion  cameras,”  says  Peter  Cizik,  CEO  of 
consultancy  HIPAA  Solutions  Rx. 

Although  HIPAA  violators  are  unlikely 
to  get  into  trouble  with  the  federal  govern¬ 
ment  right  now,  they  should  strive  to  com¬ 
ply  in  order  to  avoid  running  afoul  of  state 
and  federal  privacy  laws  or  getting  involved 
in  costly  class-action  lawsuits,  says  Cizik. 
He  notes  that  HIPAA  provides  a  “floor”  for 


the  Oregon  attorney  general’s  office. 

“Health  care  is  a  ripe  target  for  iden¬ 
tity  theft,”  says  Cizik,  himself  a  victim  of 
the  Providence  breach.  He  notes  that  the 
company  spent  millions  to  pay  for  ID  theft 
protection  services  and  to  defend  against 
a  class-action  lawsuit  filed  on  behalf  of 
former  patients. 

“For  some  organizations,  unless  they 
think  it  can  happen  to  them,  they  won’t  take 
all  the  necessary  steps  to  keep  their  infor¬ 
mation  secure,”  adds  AHIMA’s  Rode. 

A  Plan  for  Action 

As  a  consultant  for  HIPAA  Solutions  Rx, 
Ross  Leo  travels  the  country  to  help  hospi¬ 
tals  and  healthcare  systems  achieve  compli¬ 


Toolbox 


Technologies  to  help  achieve  compliance 

HIPAA  compliance  is  a  goal  all  healthcare  CIOs  need  to  reach.  Experts  say  the  tech¬ 
nologies  listed  below  are  a  key  part  of  a  successful  compliance  effort. 


1  TECHNOLOGY 

VENDORS 

E-mail  encryption 

PGP,  Postini,  PostX,  ZixCorp 

Electronic  medical  records 

athenahealth,  Cerner,  eClinicalWorks, 

Epic,  Misys,  NextGen,  Tripwire 

Single  sign-on  and  access  control 

Passlogix,  SentillionVergence 

Firewalls  and  intrusion  detection 

Check  Point,  Cisco  PIX,  SonicWail 

Remote  auditing  and  monitoring 

Arcsight 

-Compiled  by  Katherine  Walsh 

minimum  standards  of  privacy  and  secu¬ 
rity  and  that  if  state  laws  are  more  stringent, 
they  will  prevail.  In  California,  for  example, 
any  organization  doing  business  there  must 
notify  all  individuals  affected  by  a  breach  of 
personal  information. 

The  widespread  damage  that  a  privacy 
breach  can  cause  in  the  healthcare  arena 
came  to  light  this  year  when  Providence 
Home  Services,  a  division  of  Seattle-based 
Providence  Health  Systems,  revealed  that 
backup  computer  tapes  and  disks  con¬ 
taining  personal  information  and  medical 
records  on  365,000  patients  were  stolen 
from  a  parked  car.  In  addition  to  suffering 
public  embarrassment,  the  healthcare  com¬ 
pany  paid  to  inform  all  its  patients  via  mail 
and  offered  to  pay  for  credit  monitoring  ser¬ 
vices.  The  data  theft  is  under  investigation  by 


ance.  Many  small  and  midsize  facilities  he 
works  with  are  struggling  to  pay  for  system 
upgrades;  still  others  are  moving  slowly  “in 
order  to  be  seen  as  not  ignoring  HIPAA.” 

Leo  feels  their  pain:  He  oversaw  a  HIPAA 
compliance  program  as  CISO  and  direc¬ 
tor  of  IS  for  the  managed  care  division  at 
the  University  of  Texas  Medical  Branch  in 
Galveston.  Some  of  his  clients  can’t  afford 
the  leading-edge  technology  to  track  access 
to  patient  information. 

Leo  suggests  that  companies  in  this  situ¬ 
ation  start  their  compliance  efforts  by  draw¬ 
ing  up  a  “risk  mitigation  plan”  that  outlines 
weaknesses  in  IT  security  and  staff  proce¬ 
dures  for  guarding  data  privacy.  Such  a  plan 
can  help  the  CIO  pinpoint  what  needs  to 
change  and  where  to  target  investment. 

After  a  risk  analysis  assessment,  Leo 


recommends  the  addition  of  or  upgrades 
to  security  systems.  These  can  range  from 
basic  firewalls  to  more  sophisticated  EMRs, 
depending  on  the  hospital’s  budget. 

Even  when  a  hospital  or  clinic  can’t 
afford  large-scale  technology  investments, 
Leo  says  that  changes  to  IT  policies  can  help 
bring  them  toward  HIPAA  compliance.  For 
example,  Leo  worked  with  IT  and  security 
staff  to  develop  policies  for  safe  use  of  the 
Internet  at  a  midsize  Chicago  hospital  that 
was  starting  to  deploy  PCs  with  online 
access  at  workstations.  He  recommended 
that  the  hospital  ban  access  to  patient  data 
on  these  PCs  except  in  certain  cases.  Leo 
also  suggested  barring  remote  access  to  the 
patient  information  database  for  doctors 
and  other  staff  members  who  log  in  from 
personal  computers  or  laptops. 

Leo  says  minor  changes  in  procedure 
can  make  a  big  difference  in  protecting 
patient  data.  For  example,  a  fax  machine 
placed  at  a  nurse’s  station  can  reveal 
patient  information  to  anyone  walking  by. 
“People  usually  think  their  processes  are 
OK  when  they’re  not,”  he  says. 

Taming  Costs 

Cost  is  a  major  stumbling  block  for  CIOs 
determined  to  bring  their  organization  in 
line  with  HIPAA.  In  fact,  the  AHIMA  sur¬ 
vey  found  that  55  percent  of  respondents 
identified  resources  as  their  most  signifi¬ 
cant  barrier  to  full  privacy  compliance. 

When  Kuakini’s  Uno  started  looking 
for  an  EMR  system,  he  knew  cost  would 
play  a  key  role  in  his  decision.  EMRs  are 
not  required  under  HIPAA,  but  they  make 
it  much  easier  to  comply.  Where  other 
facilities  in  the  Honolulu  area  have  spent 
$35  million  to  $40  million  implement¬ 
ing  EMRs,  Uno  would  have  to  get  by  on  a 
much  smaller  budget— approximately  $15 
million.  So  when  he  chose  Cerner  to  pro¬ 
vide  the  EMR,  he  negotiated  carefully  with 
his  longtime  vendor  to  make  sure  he  could 
complete  the  project  on  his  limited  budget. 

“We  examined  each  contract  line  item 
with  a  fine-tooth  comb  to  see  if  it  was  really 
needed  or  if  we  could  find  an  alternative. 
There  were  items  included  that  we  didn’t 
need,  such  as  a  standalone  [uninterrupt¬ 
ible  power  supply],”  says  Uno.  “[Eliminat¬ 
ing]  it  saved  us  a  lot  of  money.  The  bottom 


82  OCTOBER  15,  2006  |  www.cio.com 


SECURE 
YOUR  DATA... 

PROTECT 

YOUR 

REPUTATION. 

Apani  EpiForce  isolates  &  protects  sensitive 
information  to  prevent  unauthorized  access. 

Keep  your  auditors  satisfied  -  call  Apani: 

714.674.1653 


Visit  us  at  www.apani.com/ciomag 


Mid-Market 


Compliance 


line?  You  need  to  know  how  each  item  fits 
in  the  project  infrastructure.” 

To  help  implement  the  EMR  system, 
a  six-member  in-house  IT  team  works  in 
concert  with  the  Cerner  consulting  staff. 
Uno  says  this  approach  has  helped  Kua- 
kini  realize  significant  cost  savings  and 
better  monitor  the  project. 

“Foremost  in  my  mind  during  this  pro¬ 
cess  was  the  fact  that  we  are  not  a  rich  hos¬ 
pital,”  says  Uno.  “We  formed  a  partnership 
with  Cerner  and  keep  constant  tabs  on  the 
cost  of  the  project.” 

The  cost  of  compliance  is  also  on  the 


healthcare  provider  reach  compliance. 

“We  were  looking  for  vendors  who  would 
show  us  how  we  could  use  their  tools  to  meet 
compliance  requirements,”  Casteel  says.  For 
example,  a  partnership  with  Trigeo  helped 
Casteel’s  team  see  how  valuable  system- 
wide  log  management  could  be  in  relation  to 
HIPAA  and  how  the  vendor’s  tool  fit  into  the 
healthcare  provider’s  IT  infrastructure. 

In  that  way,  Casteel  says,  he  has  avoided 
excessive  spending  on  all  new  HIPAA 
security  and  privacy  systems.  One  key  to 
success,  he  says,  is  to  avoid  hype  from  ven¬ 
dors  looking  to  sell  new  products. 

“I  would  avoid  vendors  that  bill  them¬ 
selves  as  HIPAA  compliant,”  he  says,  noting 


several  lesser  provisions  remain  to  be 
implemented.  For  example,  the  deadline 
for  healthcare  organizations  to  start  using 
a  “national  provider  identifier”  (NPI)  is 
next  May.  The  NPI  is  a  unique  health  iden¬ 
tification  number  that  will  be  assigned  to 
healthcare  providers  to  simplify  communi¬ 
cation  between  providers  and  health  plans 
and  to  cut  the  risk  of  fraud. 

Compliant  at  Last 

Uno  intends  to  keep  fine-tuning  his  systems 
to  bring  Kuakini  in  line  with  HIPAA.  It’s 
been  a  long  road  but  compliance  appears 
to  be  just  around  the  corner. 

By  the  first  quarter  of  2007,  Uno  says, 


Out  of 339  complaints  referred  to  the  Justice  Department  for 
possible  criminal  prosecutions  since  the  privacy  rule  took  effect, 

only  two  have  been  prosecuted  fully  under  HIPAA. 


mind  of  Rick  Casteel,  VP  of  MIS  at  Upper 
Chesapeake  Health,  which  has  revenue  of 
$162  million  and  operates  two  hospitals  in 
Harford  County,  Md.  Casteel  started  pre¬ 
paring  for  HIPAA  six  years  ago.  He  con¬ 
siders  HIPAA  an  essential  foundation  for 
assuring  security  and  privacy  of  medical 
data  but  one  that  is  complex  and  demands 
constant  attention  and  dollars.  Casteel 
wouldn’t  specify  how  compliant  Upper 
Chesapeake  is  with  HIPAA,  but  says  he  is 
comfortable  that  “we  have  balanced  elec¬ 
tronic  security  well  against  the  demand  for 
data  and  the  need  for  quality  and  safety.” 
Like  Uno,  he  is  always  looking  to  contain 
his  compliance  costs. 

Casteel  started  his  organization’s  com¬ 
pliance  effort  with  a  complete  inventory  of 
existing  tools  such  as  firewalls  and  other 
security  software  programs.  Upper  Ches¬ 
apeake  undertook  this  assessment  utiliz¬ 
ing  a  Web-based  tool  from  Xpediate.  The 
tool  provided  a  structure  for  an  in-house 
inventory  while  allowing  Casteel  to  use 
internal  resources  rather  than  bring  on 
additional  staff  or  hire  expensive  consult¬ 
ing  assistance.  After  completing  the  inven¬ 
tory,  Casteel  went  to  his  current  vendors 
and  worked  with  them  to  find  different 
versions  of  software  that  would  help  the 


that  HIPAA  provides  a  framework  and  does 
not  require  specific  vendors  or  products. 

Looking  Ahead 

HIPAA  has  pushed  IT  executives  like  Uno 
and  Casteel  to  move  forward  with  EMRs 
and  other  technology  initiatives  that  make 
it  easier  to  audit  access  to  sensitive  patient 
data.  However,  such  systems  also  create 
new  risks  and  new  demands  on  IT. 

“I’m  required  to  give  more  people  access 
to  more  data,”  says  Casteel.  This  increased 
access  provides  more  opportunity  for  data 
to  escape.  “Privacy  breaches  are  what  keeps 
an  IT  manager  up  at  night,”  he  adds. 

Healthcare  CIOs  have  another  reason 
to  focus  on  keeping  their  data  private  and 
secure.  In  2004,  President  George  Bush 
charged  the  IT  and  healthcare  industries 
with  building  a  National  Health  Informa¬ 
tion  Network  (NHIN),  a  system  to  provide 
every  citizen  with  an  electronic  medical 
record  by  2014.  He  appointed  Dr.  David 
Brailer  to  coordinate  the  effort.  Brailer 
resigned  in  April  but  the  Department  of 
Health  and  Human  Services  is  pressing 
ahead  with  NHIN. 

Looking  forward,  Uno  and  Casteel  agree 
that  the  most  important  HIPAA  compli¬ 
ance  deadlines  are  behind  them,  although 


doctors  at  his  hospital  will  use  an  identity 
management  system  from  Oracle.  It  will 
allow  physicians  to  use  a  single  sign-on 
to  gain  access  to  several  hospital  systems; 
it  will  also  provide  clearer  auditing  and 
tracking  to  see  who  has  used  the  systems. 

The  EMR  and  other  in-process  systems 
for  computerized  physician  order  entry 
and  electronic  medication  administration 
records  will  come  online  later  in  the  year. 
“We  hope  to  be  100  percent  HIPAA-com- 
pliant  sometime  in  2007,”  says  Uno. 

Despite  the  financial  burden  of  working 
to  comply  with  HIPAA,  Uno  says,  the  alter¬ 
native-exposure  of  patient  data— could 
spell  disaster.  “With  regards  to  healthcare 
privacy,”  he  says,  “no  one  wants  to  be  in  the 
spotlight.”  BE] 


Susannah  Patton  is  a  California-based  free¬ 
lancer.  To  comment  on  this  article,  go  to  the 
online  version  at  www.cio.com/101506. 


Handling  HIPAA 


For  best  practices,  read  “EIGHT  (NOT  SO) 
SIMPLE  STEPS  TO  THE  HIPAA  FINISH  LINE" 
at  www.cio.com/070103,  and  “HOW  TO 
MEET  TOMORROW’S  PRIVACY  RULES  TODAY” 
at  www.cio.com/110102, 

cio.com 


84  OCTOBER  15,  2006  |  www.cio.com 


because  your  executives  only 
care  about  ONE  ANSWER 

-  the  right  one. 


Now  you  can  deliver  the  data  consistency  your  organization  demands. 

Cognos  8  Business  Intelligence  is  the  only  solution  with  the  advanced  architecture  that 
guarantees  a  consistent,  comprehensive  view  of  information  across  your  enterprise. 

It’s  a  single  product  with  all  BI  capabilities  —  reporting,  analysis,  dashboarding  and  scorecarding. 
With  a  single  query  engine  and  centralized  metadata  layer  that  guarantee  data  consistency. 

And  a  single  web-services  based  SOA  that  seamlessly  integrates  into  your  environment. 

All  of  which  means  that  when  your  executives  ask  questions,  they  get  consistent  answers. 

Visit  www.cognos.com/oneanswer  today. 


Copyright  ©  2006  Cognos  Incorporated.  All  rights  reserved. 


THE  NEXT  LEVEL  OF  PERFORMANCE™ 


Interview  Kevin  Turner 


W-- 


ier  has  occupied  three 
i  the  corporate  C-suite:  CIO, 
what’s  different  and 


in  Business 


86  ;OCTOBER 


2  qo 


CIOs  TODAY  HAVE  MORE  OPPORTUNITIES  THAN  EVER  TO 

move  out  of  IT  and  into  other  C-suite  positions,  including  that  of 
CEO.  Yet  many  IT  executives  worry  that  they  lack  the  knowledge  and 
leadership  skills  to  achieve  success  in  a  new  setting. 

Not  so  for  Kevin  Turner.  His  career  could  serve  as  a  how¬ 
to  for  CIOs  who  are  aiming  for  the  corporate  ladder’s  highest 
rungs.  Turner  became  CIO  at  Wal-Mart,  one  of  the  world's  largest 
companies  and  most  successful  users  of  IT,  at  34.  At  37,  he  was 
promoted  to  run  Sam’s  Clubs  as  its  president  and  CEO,  with  more 
than  46  million  members  and  $37.1  billion  in  annual  sales.  Last 
year,  at  the  age  of  40,  he  left  the  company  where  he’d  spent  his 
career  to  become  COO  at  Microsoft.  There  he  leads  a  global  orga¬ 
nization  of  more  than  32,000  employees,  including  field  sales  and 
marketing  professionals  who  delivered  more  than  $40  billion  in 
revenue  during  fiscal  2005.  As  COO,  he  is  responsible  for  product 
and  customer  support  services,  branding,  advertising,  public  rela¬ 
tions,  market  research  and  relationship  marketing.  He  also  over¬ 
sees  corporate  operations  and  internal  information  technology 
that  supports  the  work  of  71,000  employees  worldwide.  Turner 
serves  on  the  senior  leadership 
team  that  sets  Microsoft’s  strat-  Reader  ROI 


egy  and  direction. 

He  spoke  with  CIO  Editor  in 
Chief  Abbie  Lundberg  during  a 
recent  visit  to  Microsoft  head¬ 
quarters  in  Redmond,  Wash. 


.com 


What  it  takes  to  move  from 
CIO  to  CEO  (or  COO) 

Leadership  skills  you  can 
transfer  from  job  to  job 

How  to  prepare  for  a 
broader  role  in  the  business 


PHOTO  BY  SHANNON  MCINTYRE 


Whether  your  network  extends  across  the  country 
or  around  the  globe,  you  can  rely  on 
Verizon  Business  to  help  you  design  and  manage  it  more 
efficiently.  With  the  power  of  our  far-reaching 
global  IP  network,  our  experts  can  create  integrated 
network  solutions  and  help  you  manage  them. 

verizonbusiness.com 

your 

network. 


managed. 

optimized. 


veriZQribusiness 


©2006  Verizon.  All  Rights  Reserved. 


Interview 


Kevin  Turner 


“The  CEO  role  has  a  lot  of  external  complexities.  Butthe  CIO 
hassomemomentsthatwouldbeverycomparabletothe 

most  difficult  day  of  the  CEO.”  -Kevin  Turner,  Microsoft  COO 


CIO:  When  you  were  Wal-Mart's  CIO, 
what  were  the  three  most  important 
things  you  did  to  prepare  yourself  for  a 
broader  role  in  the  business? 

Kevin  Turner:  When  you’re  in  a  company 
that  believes  in  the  value  of  IT  and  where 
there  are  high  expectations  on  the  delivery  of 
that  value  to  the  business,  the  ability  to  work 
with  people  and  teams  [is  critical.  You  need 
to  be  able  to]  pull  together  a  focused  agenda 
with  clear  definitions  of  success.  So  building 
self-managed,  high-performing  teams  in  IT 
was  a  necessity  that  proved  very  useful  on 
the  business  side. 

Next  would  be  building  relationships 
with  peers  in  the  business  group.  When 
you  work  closely  with  people  to  deliver 
results,  audit  the  payback,  review  what’s 
been  implemented  and  come  up  with 
a  mechanism  to  drive  improvement,  it 
gives  you  a  good  understanding  at  a  high 
level  of  how  the  company  or  the  operation 
works.  That  became  something  I  relied 
heavily  upon  in  my  next  role  [as  CEO  of 
Sam’s  Clubs].  Finally,  an  understanding 
of  what’s  possible  with  technology  and 
the  ability  to  map  it  to  business  problems 
and  solutions  to  drive  results  [is  critical]. 
Applying  that  knowledge  in  the  business 
role  was  instrumental  for  me. 

What  it  takes  to  be  a  successful  CIO 
sounds  similar  to  what  it  takes  to  be 
successful  moving  into  that  broader 
business  role. 

You  have  to  tailor  your  terminology  and 
your  approach,  but  the  principles  are  solid 
and  they  very  much  transport. 

Has  technology  hit  a  tipping  point  in 
terms  of  its  relevance  and  importance  to 
the  business? 

I  think  so.  In  the  early  ’90s,  I  would  have 
characterized  the  CIO  grade  card  [this 
way]:  being  under  budget,  enabling  the 


company  to  grow  and  keeping  the  systems 
running.  Those  were  the  main  drivers  that 
could  get  you  a  decent  grade  as  a  CIO. 

You  still  have  to  do  those  things.  But 
now  the  world-class  companies  are  say¬ 
ing,  “How  can  IT  really  help  us  change 
the  world?  How  can  IT  help  me  change 
my  business  model  and  change  our  game 
against  the  competition?”  That’s  the  biggest 
fundamental  shift. 

Wal-Mart  was  perhaps  on  the  front  side 
of  that  change.  It  is  in  a  very  low-margin 
business  [where  you  have  to  make]  sure 
that  every  dollar  spent  is  accounted  for 
and  that  we  got  the  payback  out  of  it.  I  had 
a  lot  of  help  from  senior  management  to 
say  whether  we  got  what  we  said  we’d  get, 
and  if  not,  why?  Was  it  a  bad  decision,  or 
was  it  something  that  we  simply  didn’t 
execute  as  well  as  we  should  have?  Hav¬ 
ing  that  follow-up  was  important. 

Of  the  positions  you’ve  had  since  being  a 
CIO— COO  and  CEO— which  is  the  more 
natural  next  step  for  an  IT  executive? 

The  CIO  could  graduate  into  either  of  those 
roles,  or  head  of  a  division  or  head  of  pro¬ 
curement  or  marketing,  depending  upon 
the  operation.  The  sophistication  of  what’s 
required  [to  run  a  business]  is  escalating 
like  crazy.  Staying  on  top  of  that  is  some¬ 
thing  CIOs  are  used  to  doing.  They’re  used 
to  a  lot  of  change  coming  their  way.  That 
dynamic  environment  really  puts  them  at 
an  advantage  as  they  go  into  the  business. 

Which  is  the  harder  job:  CIO  or  CEO? 

Well,  it  depends  upon  the  amount  of  change 


Turner  Talks 


Hear  KEVIN  TURNER  and  other  IT  leaders  talk 
about  the  future  of  U.S.  competitiveness  at 

www.cio.com/podcasts/innovation.html. 

cio.com 


you’re  trying  to  introduce  and  the  results 
that  you’re  up  against.  They  both  have 
their  moments.  With  everything  the  CEO 
faces  today  from  the  standpoints  of  gov¬ 
ernance,  competition  and  shareholder 
expectation— let’s  just  say  there’s  less 
under  your  direct  control  than  with  the 
CIO  role.  The  CEO  role  has  a  lot  of  exter¬ 
nal  complexities.  But  the  CIO  has  some 
moments  that  would  be  very  comparable 
to  the  most  difficult  day  of  the  CEO. 

Why  did  you  leave  Wal-Mart  after  almost 
20  years? 

It’s  an  interesting  story.  My  relationship 
with  Microsoft  went  back  14  years  with 
Steve  Ballmer.  I  worked  directly  and  indi¬ 
rectly  with  him  during  my  time  in  Wal- 
Mart’s  IT  department,  then  when  I  was 
CIO,  and  after  I  moved  into  the  business. 

Being  at  one  highly  successful  company 
and  making  the  transition  to  another  was, 
with  the  exception  of  marrying  my  wife, 
the  greatest  single  decision  I  ever  made.  It 
was  a  great  chance  for  me  to  get  back  to 
technology,  which  is  what  I  loved,  but  it 
was  also  a  great  opportunity  to  learn  from 
another  successful  company.  If  I  hadn’t 
moved  [to  Microsoft],  I  probably  would 
have  finished  my  career  [at  Wal-Mart]. 

What  advice  would  you  give  CIOs  who 
are  ready  to  move  to  a  different  role? 

Take  inventory  of  what  you’ve  been 
exposed  to  and  learned.  Make  sure  you 
have  an  understanding  of  how  the  busi¬ 
ness  operates,  the  external  marketplace 
and  how  the  customer  responds.  And 
remember:  Creating  and  driving  business 
value  is  really  meaningful  to  taking  that 
next  step.  QQ 


Abbie  Lundberg  can  be  reached  at  lundberg@ 
cio.com.  To  comment  on  this  article,  go  to  the 
online  version  at  www.cio.com/101506. 


88  OCTOBER  15,  2006  |  www.cio.com 


And  a  network  that  can  handle  it 


CERN  uses  ProCurve  Switches  because 
we  generate  a  colossal  amount  of  .data 
making  dependability  a  top  priority.” 

— David  Foster,  Communication  Systems  Group  Leader,  CERN 


CERN  has  joined  with  ProCurve  to  build  their  network  based 
on  high-performance  security,  reliability  and  flexibility, 
along  with  a  lifetime  warranty.*  From  the  world’s  largest 
applications,  to  a  company-wide  email,  just  think  what 
ProCurve  could  do  for  your  network. 


Get  a  closer  look  at  CERN  and  the 
world’s  biggest  physics  experiment. 
Visit  www.hp.com/go/procurveCERN2. 


For  more  information,  call  (800)  975-7684,  Ref.  Code  CERN2. 


*For  as  long  as  you  own  the  product,  with  next-business-day  advance  replacement 
(available  in  most  countries).  For  details,  refer  to  the  ProCurve  Software  License. 
Warranty  and  Support  booklet  at  http://www.hp.com/rnd/support/warranty/index.htm. 
The  ProCurve  Routing  Switch  9300m  series,  ProCurve  Routing  Switch  9408sl.  ProCurve 
Switch  8100fl  series,  and  the  ProCurve  Access  Control  Server  745wl  have  a  one-year 
warranty  with  extensions  available. 

©  306  Hewlett-Packard  Development  Company.  L.P  Photo  ©  CERN. 


ProCurve  Networking 

HP  Innovation 


Part  of  the  12,000  ton  CMS  particle  detector 
at  CERN,  Geneva,  Switzerland. 

■  '  :  -\'  '  ■>. 

'  r  t**/  *’  .  r  Tj  >V.1  '  ,  t  i 


Ml  Ell 

SALES  AND  SERVICES 


CIO  SALES  OFFICES 

President  and  CEO 

Michael  Friedenberg 
508  935-4310 

Publisher 
Gary  J.  Beach 
508  935-4202 

VP,  National  Associate 
Publisher 

Bob  Melk  •  415  975-2685 

Sales  Operations  Manager 

Dawn  Cora 
508  935-4092 
Fax  *508  879-6063 

EAST  COAST 

VP  Sales,  East 

Brian  Glynn 
508  935-4586 

Regional  Sales  Manager 

Ellie  St.  Louis 
201634-2332 
Senior  Sales  Associate 

Norma  Tamburrino 
201634-2329 
Fax  •  201 634-9513 

NORTH  CENTRAL/ 
SOUTHWEST/SOUTHEAST 

Regional  Sales  Manager 

BethDeVillez 
847  759-2727 

Advertising  Sales  Associate 

Kim  Giovanni 
847  759-2728 
Fax  •  847  759-2729 


WEST  COAST 

Senior  Regional  Sales  Manager 

Ai  Collins -415  975-2686 
Regional  Sales  Manager 
Kevin  Ebmeyer  •  415  975-2684 
Account  Executive 

Derek  Jung  •  415  975-2683 
Fax  •  415  543-2358 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

ONLINE  SERVICES 

VP,  Online  Sales 

Jim  Alla  *508  988-6763 

Online  Regional  Sales 
Manager 

Tina  Dudarevitch 
718  279-2396 

Online  Regional  Sales  Manager 

Lori  Kehoe  •  415  978-3329 

Online  District  Sales  Manager 
Sara  Mascall  •  415  978-3385 
Manager,  Online  Account 
Services 

Danielle  Tetreault 
508  988-7969 

Online  Account  Services 
Specialist 

Valerie  Sumner 
508  988-7877 

Online  Ad  Sales  Associate 

Devon  Slattery  •  415  975-2687 

Online  Advertising  Specialist 

Irina  Gabechiia 
508  935-4414 


CUSTOM 
PUBLISHING 
VP,  Integrated  Media 

Matt  Avery 
508  935-4796 

Director  of  Sales 
Mary  Gregory 
508  988-6765 

Executive  Editor  and 
Director  of  Operations 

Tom  Field 

Director,  Integrated 
Project  Management 

Mo  Barrett 

Managing  Editor 

Jim  Malone 

Senior  Project  Manager 

Amy  Greenleaf 

Project  Manager 

Karen  Capland 

LIST  SERVICES 

Contact  Paul  Capone  of  IDG  List 
Services  at  508  370-0865  or 
pcapone@idglist.com. 

REPRINT  SERVICES 

For  article  reprints  (100  quan¬ 
tity  or  more),  please  contact 
Jennifer  Eclipse  at  PARS 
International  at  212  221-9595 
x237  or  via  e-mail  at  jeclipse@ 
parsintl.com. 


CIO  is  published  in  the 
U.S.  as  well  as  in: 

Australia,  CIO  Australia 

www.idg.com.au 

Canada,  CIO  Canada 

cio.itworldcanada.com 

China,  CEO  &  CIO  China 

www.ceocio.com.cn 

France,  CIO  France 

www.idg.fr/cio 

Germany,  CIO  Germany 

www.cio.de 

India,  CIO  India 

91-80-521-0309/12 

Japan,  CIO  Japan 

www.idg.co.jp 

The  Netherlands, 

CIO  Netherlands 
www.cio.nl 

New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 

Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland 
www.cxo.pl 

Singapore,  CIO  ACEN/ 
Flong-Kong  www.idg.com.sg 
South  Korea,  CIO  Korea 
www.cio.seoul.kr 
Sweden,  CIO  Sweden 
www.cio.idg.se 

For  further  sales  information: 

www2.cio.com/marketing/ 

aboutcio/contacts.cfm 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention.  This  index  is 
provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

Aberdeen  Group  Inc . 48 

Access  Strategies  Inc . 74 

Agere  Systems  Inc . . . 48 

Apple  Computer  Inc . 17 

Bank  of  America  Corp . 17 

BlueCoat  Systems . 27 

Burton  Group . 63 

CernerCorp . 74 

Dell  Inc . 17 

Edmunds.com  Inc . 63 

Forrester  Research  Inc . 27, 48 

Foundation  Capital . 63 

Gartner  Inc . 17, 27, 48, 63, 74 

Google  Inc . 38 

Hewlett-Packard  Development  Co.,  L.P. . 17 

Hinchcliffe&Co . 63 

H I PAA  Solutions  Rx  . 74 

Hitachi  Global  Storage  Technologies . 48 

IBM  Corp . 17 

Imperial  Sugar  Co . 48 

InfoCloud  Solutions  Inc . 63 

Insight  Enterprises  Inc . 17 

Intel  Corp . 17 

Johnson  &  Johnson  . 17 

Launchpad  Communications . 63 

LaxorLLC . 74 

Lenovo  Group  Ltd . 17 

Medco  Health  Solutions  Inc . 17 

Medem  Inc . 74 

Microsoft  Corp . 17, 74,  86 

Mintz  Levin  P.C . 63 

MySpace.com . 38 

NASCAR . 27 

Oracle  Corp . 48, 74 


Orbitz  LLC . 17 

Panasonic  Battery  Corp.  of  America . 17 

PricewaterhouseCoopers . 74 

Procter&  Gamble . 17 

ProgrammableWeb.com . 63 

SAP  AG . 48 

Sears  Brands  LLC . 17 

Skype  Technologies  S.A . 38 

Sony  Energy  Tech  Inc . 17 

Sprint  Nextel  Corp . 17 

Starbucks  Corp . 74 

Sterling  Commerce  . 48 

T.  Rowe  Price . 63 

The  MITRE  Corp . 63 

Trigeo  Network  Security  Inc . 74 

Tyco  Electronics  Corp . 48 

Wal-Mart  Stores  Inc . 86 

WebMD  Inc . 74 

Webroot  Software  Inc . 27 

Wellpoint  Inc . 74 

Wells  Fargo  Investments  LLC . 17 

White  Electronic  Designs  Corp . 63 

Xpediate  Consulting  LLC . 74 

Yankee  Group  Research  Inc . 17 

You  Tube  Inc . 38 

ADVERTISER  INDEX 

3PAR . 9 

Apani  Networks  Inc . 83 

AT&T . 11 

Autonomy . 71 

BearingPoint  Inc . 46 

Brother  International . 77 

CA . C4 

CDW  Corp . 39 


Citrix  Systems  Inc . 51 

Cognos  Inc . 85 

CXO  Media  Inc . 25, 41. 69, 79, 80, 91 

EMC2  Corp . 23 

ESRI . 26 

FrontRange  Solutions . 73 

Fujitsu  Computer  Systems  Corp . 53 

Hewlett-Packard  Co . C2, 5, 

Hewlett-Packard  Co.  (regional) . 29, 89 

HP/Lucent . 43 

Hyperion  Solutions  Corp . 2 

IBM  Corp . 68a 

IBM  Corp.  (regional) . 80 

Intel  Corp . 15 

Iron  Mountain  Inc . 24a 

Mercury . 31 

Microsoft  Corp . 6, 40a,  56 

Microsoft/GXS . 21 

NEC  Corp . 35 

NextPage . 62 

Novell  Inc . 19 

Oracle  Corp . r. . 37 

Perot  Systems . 59 

Pillar  Data  Systems . 33 

Primavera  Systems,  Inc . 61 

RightNow  Technologies  Inc . 16 

Robert  Half  Technology . 13 

Sony  VAIO  BX  Series . C3 

SunGard  Availability  Services . 67 

Unisys  Corp . 55 

VeriSign  Inc . 44 

Verizon . 87 

Verizon  Wireless  . 65 


CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and 
Business  Offices:  CXO  Media 
Inc.,  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508872-0080. 

CIO  (ISSN  0894-9301)  is  pub¬ 
lished  semimonthly  and  as  a 
combined  issue  Dec.  15/Jan.  1  by 
CXO  Media  Inc.  Periodicals  post¬ 
age  paid  at  Framingham,  MA,  and 
at  additional  mailing  offices.  Can¬ 
ada  Publications  Mail  Agreement 
Number  1902075.  CANADIAN 
POSTMASTER:  Please  return 
undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2006 
by  CXO  Media  Inc.  All  rights 
reserved.  Reproduction  of 
material  appearing  in  CIO 
is  forbidden  without  written 
permission.  Send  all  requests 
to  Yadira  Pizarro,  PARS  Interna¬ 
tional,  212  221-9595,  Ext.  231, 
oryadira@parsintl.com. 

Photocopy  Rights:  Permission 
to  photocopy  for  internal  or 
personal  use  or  the  internal  or 
personal  use  of  specific  clients  is 
granted  by  CIO  for  users  through 
the  Copyright  Clearance  Center, 
provided  that  the  base  fee  of  $3 
per  copy  of  the  article,  plus  $.50 
per  page  is  paid  directly  to  Copy¬ 
right  Clearance  Center,  27  Con¬ 
gress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does 
not  extend  to  contributed  articles 
followed  by  this  symbol:  :}:. 

Subscriptions:  CIO  is  free  to 
qualified  information  executives. 
To  apply,  use  our  online  subscrip¬ 
tion  form  at  www.subscribe. 
cio.com.  Subscriptions  are  also 
available  on  a  paid  basis  at  a 
rate  of  $95  for  the  United  States 
and  Canada,  $195  International 
(payable  in  U.S.  funds  only)  and 
may  be  ordered  online  at  www. 
subscribe.cio.com/services. 
html.  Or  address  inquiries  to 
CIO.  P.O.  Box  489,  Northbrook, 

IL  60065-0489;  866  354-1125. 
Please  allow  four  to  six  weeks  for 
a  new  subscription  to  begin.  The 
single  copy  price  is  $9  for  the 
United  States  and  Canada,  and 
$15  International.  Prepayment  is 
required,  payable  in  U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio 
and  follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  C/0,  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 
Printed  in  the  U.S. A. 


90  OCTOBER  15,  2006  |  www.cio.com 


CIO’s  e-Mail  Newsletters 


The  Updated 
Management  &  Enterprise 
Information  You  Want 

Del  i  vered  right  to  your  desktop 

It’s  the  best  way  to  keep  one  step  ahead  of  the  competition. 


^  CIO  Blogs 

This  week’s  top  blog  postings. 

Ijf  CIO  Careers 

Advice  for  your  career  plus  job  postings. 

CIO  Enterprise 

Enterprise-level  technology  information, 
news  and  tools. 

gf  CIOERP 

A  CIO’s  monthly  guide  for  enterprise 
resource  planning. 

CIO  Information  Security 

Security  information  and  news  the  CIO 
needs  to  know  about. 

CIO  Insider 

Your  guide  to  the  latest  from  CIO.com. 

1^  CIO  Leader 

Updates,  insights  and  advice  from 
CIO.com  on  hiring,  firing  and  inspiring. 


I ^  CIO  Magazine  Tech  Poll 

Results  of  our  quarterly  survey,  covering  IT’s 
overall  health  as  well  as  spending  and  trends. 

^  CIO  News  Watch 

The  week’s  top  news  stories. 

^  CIO  Open  Source 

A  monthly  peek  at  what's  happening  in  the 
open  source  realm. 

1 ^  CIO  Research  Update 

Highlights  of  CIO’s  most  recent  IT  research. 

CIOSOA 

Your  resource  for  service-oriented  and 
enterprise  architecture. 

^  CIO  Whitepapers 

Your  guide  to  new  and  upcoming  whitepapers. 

^  CIO  Wireless 

Providing  information  on  emerging  wireless 
technologies  and  infrastructure. 


Sign  up  now  for  CIO’s  COMPLIMENTARY  e-mail  newsletters 

www.cio.com/newsletters 

hub 

Business  Technology  Leadership 


BY  SCOTT  KIRSNER 


I.T.  MVPs 


^PPerid, 

>"ptZ 

8Hfc57V 

B°rn:8-iny 


specialist 

PanciaiSf. 

;  types:  11 
'0,Petown 


?eci*^n^e- 
never been  S  han the /  *  C°nt 

8abe^raPpJCebefon 


Trade ’Em  With  Your  Friends 

Asthe  World  Series  approaches,  we  find  ourselves  wondering:  Don’tthe 
highly  paid,  hard-hitting,  eagle-eyed  MVPs  of  IT deserve  theirowntrading 
cards,  too?  To  rectify  that  situation,  we  created  five.  (Sadly,  we  weren’t  able 
to  persuade  C/O's  publishertoslipa  thin  slab  of  petrified  pinkgum  into 
these  pages  to  accompany  them.) 


siSscr* 

w*“» 


manuap”Q  nse'  didn't y0Ur  S.Pec'al'st’s  all- 

»«.,l7sec  "m'<«Cf0ioWce; 


Donald  “The  Provider” 

Schoenstein 

Project  Manager 
The  Reptile  Enthusiast's 
Catalog 

Ht:6TWt:  210  Types:  88  wpm 

Born:  6-22-63  Hometown:  Pocatello,  Idaho 

Wherever  there’s  a  developer  dozing  during 
a  late-night  coding  session,  or  a  teammate 
blathering  in  front  of  a  PowerPoint  presenta¬ 
tion  “The  Provider’’  is  there,  delivering  pork 
rinds  and  Mountain  Dew,  or  cutting  things  off 
after  Slide  No.  94.  Revered  for  delivering  a 
new  call  center  software  module  on  Thanks¬ 
giving  Day-seven  weeks  ahead  of  schedule. 

Gantt  chart  deadlines  met:  99.6% 

Record  number  of  encouraging  e-mails  sent 
to  team  (one  day):  29 


•rpes:38  WnmD 

%  pulled  3  5oo7°"J  use  emerged  f 

St3nt"ted  NorT bU,nott>ingwZ  Ugfl,he 


Besses  mem*  ■  3  Me.”) 

H^'PZms9 

tnployeesonf  (Self ’^Ported) 


" i>Zn 


iann!) 


c\o 

F^ber  Utilities 

^e,v<hen'«'cedl 
a  CFOs  a^e  c0NN  r  p  table;  h'S 
Vendors  an  oS5aconteren  me\as 

,aCeVgi Seen*  tees  in«'^ delivering 

a"0'"hemeTs^'5'"'e6°aK 

'V°"'  ■  -v****0*'  . 

a4oUWd«~" 

w*-**"*  — — 


92  OCTOBER  15,  2006  |  www.cio.com 


ILLUSTRATION  BY  DAVID  BRINLEY 


Sony  recommends  Windows®  XP  Professional 


like.no.other 


Arrive  fashionably  light 


\/\io 


Sony  VAIO  TX.  High  style  now  coexists  with  cutting-edge  technology.  At  a  feathery  2.8  lbs1,  the  TX  was  born  to  travel 
its  wireless  WAN  technology  lets  you  connect  virtually  anywhere  Sprint’s  broadband  network  is  available.  Thanks  to  a 
long  battery  life  and  razor  thin  design,  it’s  a  powerful  business  tool  in  the  palm  of  your  hands.  The  VAIO  TX.  Think  of  it 
as  a  well-deserved  executive  perk,  sony.com/vaio-tx 


■  Weights  and  measurements  are  approximate  and  may  vary. '  Sprint  Mobile  Broadband  Network  reaches  over  153  million  people  Coverage  not  available  everywhere.  See  coverage  map  for  details.  Requires  new  activation  and  one-or 
two-year  subscriber  agreement  Credit  approval  and  S200  early  termination  fee  apply  Service  defaults  to  Nationwide  Sprint  PCS  Network,  where  available,  if  Sprint  Mobile  Broadband  Network  is  unavailable  Not  available  while 
roaming.  Terms  &  Conditions  and  additional  restrictions  apply  May  not  be  combinable  with  other  offers  Actual  battery  life  may  vary  based  on  product  settings,  usage  patterns  and  environmental  conditions  r  2006  Sony  Electronics 
Inc  All  rights  reserved  Sony,  Sony  logo,  VAIO,  VAIO  logo  and  llke.no  other  are  trademarks  of  Sony  Windows  is  a  registered  trademark  of  Microsoft  Corporation.  Sprint  and  the  “Going  Forward’’  logo  are  trademarks  of  Sprint  Nextel. 


Remember  when  technology 
had  the  ability  to  amaze  you? 


Believe  again. 

Now  you  can  believe  in  a  new  kind  of  IT  management.  Unified  and  simplified  to  make  your 
business  more  productive,  nimble,  competitive  and  secure. 

We  all  know  that  companies  are  demanding  more  from  IT  —  expecting  IT  to  be  a  strategic 
and  competitive  advantage.  Yet  today's  complex  IT  environments  require  you  to  manage 
across  point  solutions,  siloed  organizations  and  redundant  technology. 

A  better  alternative?  Choose  an  integrated  approach  to  IT  management.  An  approach  in 
which  software  unifies  your  people,  processes  and  technology  to  increase  efficiency  and 
optimization.  Only  one  global  software  company  can  do  that.  CA,  formerly  known  as 
Computer  Associates,  has  focused  solely  on  IT  management  software  for  over  30  years. 

Our  technology  vision  that  makes  this  promise  real  is  called  Enterprise  IT  Management, 
or  EITM.  At  its  heart  is  the  CA  Integration  Platform  —  a  common  foundation  of  shared 
services  that  gives  you  real-time,  dynamic  control  and  flexibility.  Its  greatest  benefit? 
CA  software  solutions  come  to  you  already  integrated,  and  able  to  integrate  with  your 
existing  technology  to  optimize  your  entire  IT  environment. 

Ultimately,  a  well-managed  IT  environment  gives  you  the  visibility  and  control  you  need 
to  manage  risk,  manage  costs,  improve  service  and  align  IT  investments.  To  learn  more 
about  how  CA  and  our  wide  array  of  partners  can  help  you  unify  and  simplify  your  IT 
management,  visit  ca.com/unify. 


Copyright  ©  2006  CA.  All  rights  reserved 


Transforming 
IT  Management 


